COST EFFECTIVE SECURITY
A Risk Based Approach
Introductions
Adam Pena, Sr. Information Security Engineer
Blaine Stubstad, Sr. Information Security Engineer
THE STATE OF ARIZONA AT A GLANCE
● 45,000+ State Employees
● 90+ State Agencies
● 10+ regulatory frameworks
Here we have the State of Arizona at a glance. Because Arizona is a federated environment, we have
numerous tools, machines, and domains that we need to secure while pulling data from many
different environments and normalizing it at scale. Various State agencies have to comply with most
of the regulatory compliance bodies that exist, such as HIPAA, PCI, PUB 1075, CJIS, etc.
Understanding our risks
At the State of Arizona we needed to be able to evaluate our
security posture and validate we were making good security
choices while staying true to our mission, objectives, and
obligations which include:
● Improve Statewide Security
● Improve Cost Effectiveness of Security Tools
● Consolidate Vendors
● Increase Statewide Accountability
● Enhance Public Safety
● Foster Innovation
● Leverage Partnerships
https://espac.az.gov/
The Budget Cycle
Which Tools Provide a Good Value?
Because our budget is set 1-2 years in advance, we need to
understand how to plan for future threats and which tools are
providing a good value.
● Budgets must be made over a year in advance
● Any changes need to be done a full fiscal year ahead
● We need to have a toolset which allows us to be able to mitigate
the known and unknown threats
TOOL EFFECTIVENESS
How do you plan for threats years in advance?
Being able to effectively plan for security threats years in
advance means you must be able to effectively adapt to your
new threat landscape.
● Covid-19
● Supply Chain Compromise
● Ransomware
● Zero Day Exploits
RISK ANALYSIS
Typical Problem with Risk Analysis
One of the biggest issues with risk assessments is typically
how subjective the assessment is.
● How likely is a threat?
● How effective are safeguards?
● How many machines are actually at risk?
RISK ANALYSIS
What is the rigor put in to evaluate our risks?
To combat this we are using larger data sets. More data points
should leave less room for subjective interpretation and
provide more objective results.
● Attack Path Modeling
● System Configurations
● Tools installed
● Policies applied within the tools
Elastic Overview
Flow Overview
1. Data sources: data is brought into Elastic and shipped to the cloud, being
   normalized through the ingest pipelines with ECS.
2. All of the different data sources are brought into a single place where the
   data is mapped accordingly.
3. Alerts and machine learning jobs are run to help reduce “noise” and
   prioritize security issues and risk.
4. Data is visualized and aggregated into dashboards and reports.
TOOL EFFECTIVENESS
Mapping the Data
Large volumes of data are used, from hundreds of thousands
of data points, to generate accurate mapping indexes.
1. Threats are mapped to the MITRE ATT&CK model.
2. Tactics and Techniques are mapped to the Controls.
3. Controls are mapped to the Tools/Safeguards.
4. Safeguards are mapped to devices.
5. Devices are mapped with configuration information.
THREAT INTELLIGENCE
Operationalizing threat intelligence
After mapping the Safeguards to the ATT&CK Model, we can
now look at the data to determine the security value of the
Controls. We started by looking at different data sources to
find the top attacks, or most frequently occurring, that the
state should defend against. Then, we leveraged the ATT&CK
Model by creating attack patterns which allowed us to
determine the effectiveness of the Safeguards to defend
against top attack types.
● Understanding what systems can be impacted
● Can the systems actually be exploited?
● What threats can we detect, prevent, or respond to?
Operationalizing Risk
Results
Now that we understand where our risk lies we can
operationalize this data.
● Which risks can be further mitigated automatically
○ This is where Security Orchestration and Automation can
be used to automatically reduce these risks
● We can identify new and emerging threats and understand what
risks they will pose at the device level automatically
● We are able to accurately gauge the effectiveness of our security
tools to stop threats
Reducing Costs
Understanding the Value
We now have a full view of the effectiveness of the tools we
have deployed. We can now calculate the utility to cost ratio of
our tools.
● We can now see which tools reduce what risks and how effectively
they do it
● We can identify tools that are costing more but are not actually
effectively mitigating threats and reducing risk
● We now have valid evidence for justifying the budget of some tools
while looking for other solutions to more effectively reduce risk
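The mapping chain of the earlier slides (threats to ATT&CK techniques, to controls, to tools/safeguards, to devices and their configuration), the threat-intelligence questions (which systems can be impacted, how many machines are actually at risk) and the utility-to-cost ratio of this slide, worked through as one small Python model. This is an added example, not code from the State of Arizona deck or from Elastic; every dataset in it is constructed, and the tool names, annual costs, control names and technique-to-control mapping are hypothetical (the ATT&CK technique IDs are real, used only as labels).

```python
"""
Added example, not code from the State of Arizona deck or from Elastic: a small model of
the deck's mapping chain (threat -> ATT&CK technique -> control -> tool/safeguard -> device
-> device configuration) and of the tool utility-to-cost ratio computed over it.
All data below is constructed; tool names, costs, control names and the technique-to-control
mapping are hypothetical. Technique IDs are real ATT&CK IDs used only as labels.
"""

# Constructed threat-intelligence observations: ATT&CK technique -> times seen in the feeds.
OBSERVATIONS = {"T1566": 120, "T1059": 80, "T1078": 60, "T1486": 45, "T1195": 5}

# Hypothetical mapping layers (deck steps 2 and 3): technique -> controls -> tools/safeguards.
TECHNIQUE_TO_CONTROLS = {
    "T1566": {"email_filtering", "endpoint_detection"},   # Phishing
    "T1059": {"endpoint_detection", "script_control"},    # Command and Scripting Interpreter
    "T1078": {"mfa"},                                     # Valid Accounts
    "T1486": {"endpoint_detection", "backup"},            # Data Encrypted for Impact (ransomware)
    "T1195": {"software_inventory"},                      # Supply Chain Compromise
}
CONTROL_TO_SAFEGUARDS = {
    "email_filtering": {"MailGateway"}, "endpoint_detection": {"EDR-A"}, "script_control": {"EDR-A"},
    "mfa": {"IdP-MFA"}, "backup": {"BackupSvc"}, "software_inventory": {"AssetMgr"},
    "signature_av": {"LegacyAV"},  # no observed technique maps here: the tool is deployed but idle
}
# Constructed annual cost per tool.
TOOL_COST = {"MailGateway": 50_000, "EDR-A": 120_000, "LegacyAV": 90_000,
             "BackupSvc": 40_000, "AssetMgr": 30_000, "IdP-MFA": 60_000}

# Deck steps 4 and 5: which tools are on each device, and whether the tool's policy is applied.
DEVICES = [
    {"name": "ws-001", "tools": {"EDR-A": {"policy_enabled": True}, "MailGateway": {"policy_enabled": True},
                                 "LegacyAV": {"policy_enabled": True}, "BackupSvc": {"policy_enabled": True},
                                 "IdP-MFA": {"policy_enabled": True}}},
    {"name": "ws-002", "tools": {"EDR-A": {"policy_enabled": False},  # installed, policy never applied
                                 "MailGateway": {"policy_enabled": True}, "LegacyAV": {"policy_enabled": True}}},
    {"name": "srv-001", "tools": {"BackupSvc": {"policy_enabled": True}, "AssetMgr": {"policy_enabled": True},
                                  "LegacyAV": {"policy_enabled": True}}},
    {"name": "srv-002", "tools": {"EDR-A": {"policy_enabled": True}, "BackupSvc": {"policy_enabled": True},
                                  "IdP-MFA": {"policy_enabled": True}, "AssetMgr": {"policy_enabled": True}}},
]


def top_techniques(observations, n):
    """The 'top attacks' the deck starts from: techniques ranked by how often the feeds saw them."""
    return [t for t, _ in sorted(observations.items(), key=lambda kv: (-kv[1], kv[0]))[:n]]


def safeguards_for(technique):
    """Follow technique -> controls -> tools: every tool that is mapped as mitigating the technique."""
    return {tool for ctrl in TECHNIQUE_TO_CONTROLS.get(technique, ())
            for tool in CONTROL_TO_SAFEGUARDS.get(ctrl, ())}


def effective_safeguards(device, technique):
    """Tools that actually protect this device: mapped to the technique, installed, and policy applied."""
    mapped = safeguards_for(technique)
    return {tool for tool, cfg in device["tools"].items()
            if tool in mapped and cfg.get("policy_enabled", False)}


def exposed_devices(technique, devices=DEVICES):
    """'How many machines are actually at risk?': devices with no effective safeguard for the technique."""
    return [d["name"] for d in devices if not effective_safeguards(d, technique)]


def tool_risk_reduction(tool, weights, devices=DEVICES):
    """Frequency-weighted count of (technique, device) pairs the tool effectively mitigates."""
    return sum(w for t, w in weights.items() for d in devices if tool in effective_safeguards(d, t))


def utility_to_cost(tool, weights, devices=DEVICES):
    """Risk reduction bought per 10,000 currency units of annual tool cost."""
    return tool_risk_reduction(tool, weights, devices) / TOOL_COST[tool] * 10_000


def rank_tools(weights, devices=DEVICES):
    """Tools ordered by utility-to-cost ratio; a zero at the bottom is a candidate for replacement."""
    ratios = [(tool, utility_to_cost(tool, weights, devices)) for tool in TOOL_COST]
    return sorted(ratios, key=lambda r: (-r[1], r[0]))


def remediation_candidates(devices=DEVICES):
    """Risk reducible automatically: tools already installed whose policy is not applied."""
    return [(d["name"], tool) for d in devices
            for tool, cfg in d["tools"].items() if not cfg.get("policy_enabled", False)]


if __name__ == "__main__":
    print("Top techniques:", top_techniques(OBSERVATIONS, 3))
    for t in OBSERVATIONS:
        print(f"{t}: exposed devices {exposed_devices(t)}")
    for tool, ratio in rank_tools(OBSERVATIONS):
        print(f"{tool:12s} reduction={tool_risk_reduction(tool, OBSERVATIONS):4d} "
              f"cost={TOOL_COST[tool]:7d} utility/10k={ratio:6.2f}")
    print("Fixable by orchestration:", remediation_candidates())
```

Two things the model makes visible that the counts alone do not: a tool that is deployed on every device but mapped to no observed technique (LegacyAV here) scores a utility-to-cost ratio of zero, which is the evidence the slide describes for questioning its budget; and a tool that is installed with its policy never applied (EDR-A on ws-002) leaves the device exposed while still costing money, which is the case the orchestration bullet on the previous slide can close automatically. The ratio is only as good as the observation weights and the technique-to-control mapping feeding it, so both should be refreshed as the threat data sources change.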
Going Forward
Constantly adapting
We continue to change which data we give value to and identify trends
● Identifying which threat data sources are providing threats we actually see
● How long does it take us to identify threats and risks and how long to action on them?
● Adjusting our implementations to reduce costs and provide better accountability to the
citizens of Arizona
Expanding information sharing network
The State of Arizona continues to expand the Arizona Cybersecurity Information
Program (ACIP)
● Sharing our threat intelligence in real time at machine speed
● Enriching and validating our threat information
● If you are interested in becoming a sharing partner, please feel free to reach out
ACIP@AZDPS.GOV
Thank You
Please feel free to email us with questions or for more information
Adam.Pena@azdoa.gov
Blaine.Stubstad@azdoa.gov

AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Using a risk based approach to provide cost-effective security

  • 1. COST EFFECTIVE SECURITY A Risk Based Approach
  • 2. COST EFFECTIVE SECURITY A Risk Based Approach
  • 3. Introductions
    Adam Pena, Sr. Information Security Engineer
    Blaine Stubstad, Sr. Information Security Engineer
  • 4. THE STATE OF ARIZONA AT A GLANCE
    10+ regulatory frameworks, 45,000+ State Employees, 90+ State Agencies
    Here we have the State of Arizona at a glance. Because Arizona is a federated environment, we have numerous tools, machines, and domains that we need to be able to secure while pulling data from many different environments and normalizing it at scale. Various State agencies have to comply with most regulatory compliance bodies that exist, such as HIPAA, PCI, PUB 1075, CJIS, etc.
  • 5. Understanding our risks
    At the State of Arizona we needed to be able to evaluate our security posture and validate that we were making good security choices while staying true to our mission, objectives, and obligations, which include:
    ● Improve Statewide Security
    ● Improve Cost Effectiveness of Security Tools
    ● Consolidate Vendors
    ● Increase Statewide Accountability
    ● Enhance Public Safety
    ● Foster Innovation
    ● Leverage Partnerships
    https://espac.az.gov/
  • 6. The Budget Cycle: Which tools provide a good value?
    Because our budget is set 1-2 years in advance, we need to understand how to plan for future threats and which tools are providing a good value.
    ● Budgets must be made over a year in advance
    ● Any changes need to be done a full fiscal year ahead
    ● We need a toolset that allows us to mitigate both known and unknown threats
  • 7. TOOL EFFECTIVENESS: How do you plan for threats years in advance?
    Being able to effectively plan for security threats years in advance means you must be able to adapt to your new threat landscape:
    ● Covid-19
    ● Supply Chain Compromise
    ● Ransomware
    ● Zero Day Exploits
  • 8. RISK ANALYSIS: Typical problem with risk analysis
    One of the biggest issues with risk assessments is typically how subjective the assessment is:
    ● How likely is a threat?
    ● How effective are safeguards?
    ● How many machines are actually at risk?
  • 9. RISK ANALYSIS: What is the rigor put in to evaluate our risks?
    To combat this we are using larger data sets. More data points should leave less room for subjective interpretation and provide more objective results.
    ● Attack Path Modeling
    ● System Configurations
    ● Tools installed
    ● Policies applied within the tools
  • 10. Elastic Overview: Flow overview (from data sources to dashboards)
    ● Data sources: data is brought into Elastic and shipped to the cloud, being normalized through the ingest pipelines with ECS
    ● All of the different data sources are brought into a single place where the data is mapped accordingly
    ● Alerts and machine learning jobs are run to help reduce "noise" and prioritize security issues and risk
    ● Data is visualized and aggregated into dashboards and reports
  • 11. TOOL EFFECTIVENESS: Mapping the data
    Large volumes of data, from hundreds of thousands of data points, are used to generate accurate mapping indexes:
    1. Threats are mapped to the MITRE ATT&CK model
    2. Tactics and Techniques are mapped to the Controls
    3. Controls are mapped to the Tools/Safeguards
    4. Safeguards are mapped to devices
    5. Devices are mapped with configuration information
  • 12. THREAT INTELLIGENCE: Operationalizing threat intelligence
    After mapping the Safeguards to the ATT&CK Model, we can now look at the data to determine the security value of the Controls. We started by looking at different data sources to find the top attacks (the most frequently occurring) that the state should defend against. Then, we leveraged the ATT&CK Model by creating attack patterns, which allowed us to determine the effectiveness of the Safeguards in defending against the top attack types.
    ● Understanding what systems can be impacted
    ● Can the systems actually be exploited?
    ● What threats can we detect, prevent, or respond to?
  • 13. Operationalizing Risk: Operationalizing risk results
    Now that we understand where our risk lies, we can operationalize this data:
    ● Which risks can be further mitigated automatically
      ○ This is where Security Orchestration and Automation can be used to automatically reduce these risks
    ● We can identify new and emerging threats and understand what risks they will pose at the device level automatically
    ● We are able to accurately gauge the effectiveness of our security tools to stop threats
  • 14. Reducing Costs: Understanding the value
    We now have a full view of the effectiveness of the tools we have deployed and can calculate the utility-to-cost ratio of our tools.
    ● We can now see which tools reduce which risks and how effectively they do it
    ● We can identify tools that cost more but are not actually effectively mitigating threats and reducing risk
    ● We now have valid evidence for justifying the budget of some tools while looking for other solutions to more effectively reduce risk
  • 15. Going Forward: Constantly adapting
    We continue to change which data we give value to and identify trends:
    ● Identifying which threat data sources are providing threats we actually see
    ● How long does it take us to identify threats and risks, and how long to action on them?
    ● Adjusting our implementations to reduce costs and provide better accountability to the citizens of Arizona
    Expanding information sharing network: the State of Arizona continues to expand the Arizona Cybersecurity Information Program (ACIP)
    ● Sharing our threat intelligence in real time at machine speeds
    ● Enriching and validating our threat information
    ● If you are interested in becoming a sharing partner, please feel free to reach out: ACIP@AZDPS.GOV
  • 16. Thank You
    Please feel free to email us with questions or for more information: Adam.Pena@azdoa.gov, Blaine.Stubstad@azdoa.gov
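The mapping chain from slide 11 (technique to control to tool/safeguard to device to configuration), the exposure question from slide 12 and the utility-to-cost ratio from slide 14, carried through on a small constructed data set. This is an added example, not the State of Arizona's code or Elastic's; the technique IDs are real ATT&CK identifiers, but the frequencies, control names, tool names, costs and device inventory are all constructed.

```python
"""Added example (not the deck's code): the slides' mapping chain
technique -> control -> tool -> device -> configuration on constructed data,
giving per-device exposure and a utility-to-cost ratio per tool."""
from collections import defaultdict

# Observed frequency of the top techniques in threat data (constructed).
TOP_TECHNIQUES = {"T1566": 40, "T1486": 25, "T1190": 20, "T1078": 15}
# Technique -> controls that mitigate it (constructed mapping).
TECHNIQUE_CONTROLS = {"T1566": {"email_filtering", "endpoint_protection"},
                      "T1486": {"endpoint_protection", "backup"},
                      "T1190": {"patching", "waf"}, "T1078": {"mfa"}}
# Tool -> (annual cost, controls it provides) (constructed).
TOOLS = {"mail-gateway": (50_000, {"email_filtering"}),
         "edr": (120_000, {"endpoint_protection"}),
         "idp-mfa": (30_000, {"mfa"}),
         "legacy-av": (90_000, {"endpoint_protection"})}
# Device -> {installed tool: policy actually enabled} from config data (constructed).
DEVICES = {"srv-01": {"edr": True, "idp-mfa": True},
           "srv-02": {"legacy-av": False},
           "ws-01": {"edr": True, "mail-gateway": True},
           "ws-02": {"legacy-av": True, "mail-gateway": True}}

def effective_controls(device):
    """Controls in force on a device: tool installed AND its policy enabled."""
    ctrls = set()
    for tool, enabled in DEVICES[device].items():
        if enabled:
            ctrls |= TOOLS[tool][1]
    return ctrls

def exposed_devices(technique):
    """Devices with no effective control against the technique (slide 12)."""
    needed = TECHNIQUE_CONTROLS[technique]
    return sorted(d for d in DEVICES if not (effective_controls(d) & needed))

def utility_to_cost():
    """Frequency-weighted technique coverage per 1,000 cost units, per tool.
    A tool earns a technique's frequency on every device where it is
    enabled and provides a control for that technique (slide 14)."""
    utility = defaultdict(float)
    for installed in DEVICES.values():
        for tool, enabled in installed.items():
            for tech, freq in TOP_TECHNIQUES.items():
                if enabled and TOOLS[tool][1] & TECHNIQUE_CONTROLS[tech]:
                    utility[tool] += freq
    return {t: round(utility[t] / TOOLS[t][0] * 1000, 3) for t in TOOLS}

if __name__ == "__main__":
    for tech in TOP_TECHNIQUES:
        print(tech, "exposed:", exposed_devices(tech))
    print("utility/cost:", utility_to_cost())
```

On this data srv-02 shows up as exposed to every technique because its only tool has its policy disabled, and legacy-av earns a lower ratio than the pricier edr for the same control; that configuration-level detail is what the device and policy mapping steps add over a tool inventory alone.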