
Socio-technical Security Value Chain


Discusses how to improve security on the internets


  1. A Framework and Prototype for a Socio-Technical Security Information and Event Management System (ST-SIEM). Bilal AlSabbagh, Department of Computer and Systems Science, Stockholm University, Stockholm, Sweden, bilal@dsv.su.se. Stewart Kowalski, Norwegian Information Security Lab, Center for Cyber and Information Security, Norwegian University of Science and Technology, Gjøvik, Norway, stewart.kowalski@ntnu.no
  2. Outline (19 slides, 15 minutes!)
     • Personal introductions: an industrial doctoral student (1 slide); a very old, jaded cyber security (knowledge) worker (3 slides)
     • Meta goal and goal $ (5 minutes, 6 slides)
     • Problem(s) and background(s) (5 minutes, 3 slides)
     • Contributions (5 minutes, 4 slides)
     • Questions and next steps (5 minutes, 2 slides)
  3. Bilal Al Sabbagh
     • Academic credentials: PhD candidate, DSV, Stockholm University. Research interests: social aspects of information security, security culture. Academic degrees: MSc Information and Communication Systems Security, KTH, 2006; BSc Computer Engineering, 2002.
     • Industrial credentials: Information and Network Security Consultant at –; works full time with the security of dot sa (Saudi Arabia). Certifications: CISSP, CISA, CCSP, CCNA.
     (Slide footer: 10/2/2016, Bilal Al Sabbagh - DSV)
  4. JAG = a cup that runneth over. My research work and industrial work in security stretch over 30 years and include both theoretical and empirical research in security and in products and services.
  5. Industrial vs. university work. Industry: deal with complex problems, must give simple solutions. University: deal with simple problems, must give complex solutions. As a Professor (“Swedish rumpnisse”) in Norway I have earned the right to ask simple questions and give complex answers!
  6. IT/IS Security Value Chain. Stages: Researching; Teaching; Standardizing + Regulation; Product Management; Development; Sales; Support; Operations & Services. First position placed on the chain: Crypto Key Management Systems Designer, Philips Financial Business System, 1988.
  7. IT/IS Security Value Chain (same chain as slide 6, adding): Assistant Professor, Computer & Telecom Security and Business, 1989 (Stockholm University, Royal Institute of Technology, University College Gävle, Stockholm School of Economics).
  8. IT/IS Security Value Chain (adding): Manager, Research, Business + Security, Telia, 1998.
  9. IT/IS Security Value Chain (adding): Senior Security Management Consultant, Ericsson, 1999.
  10. IT/IS Security Value Chain (adding): Strategic Product Manager, Security and Fraud Prevention, Core Networks, Ericsson, 2002.
  11. IT/IS Security Value Chain (adding): Manager, Ericsson Security Evaluations Competence Center, 2003.
  12. IT/IS Security Value Chain (adding): Manager, Risk & Security, Business Unit Global Services, Global Network Operations Center, 2006-2009.
  13. IT/IS Security Value Chain (adding): Associate Professor, 17 May 2010; Senior Security Architect and Product Manager, Huawei Technologies, 2009-2011.
  14. IT/IS Security Value Chain (adding): Full-time academic, 1 April 2011. (This slide lists the 1989 post as Associate Professor and the last institution as Stockholm School of Business.)
  15. Meta goal of the research: a 7-year industrial doctoral research plan to investigate how best to add value $ to the socio-technical global cyber security value chain, in system X.
  16. Concrete goal: open source security event management systems. How to make them socio-technically efficient and/or cheaper?
  17. A value chain is
     • the interconnected group of industry participants that collectively create value for the end user.
     • If technologies or services are to succeed they must deliver financial or operational value at every stage of the chain.
     • For any technology or service to be adopted, each element on the chain must add value for the next element.
     Ref: The Strategic Implications of Computing and the Internet on Wireless: The Competitive Blur Through 2008, Herschel Schoteck Associates. (Meta-goal)
  18. Security spending mental models of individual IT workers (Saudi Arabia). Scopes: personal, organizational, national. Spending/priority across: deter, prevent, detect, correct, recover. (Slide footer: Bilal Al Sabbagh, Stewart Kowalski - DSV)
  19. Comparing Swedish and Norwegian banks' security value chains, Oct 2011.
  20. Concrete value chain: Hardware, Software, Systems, Services. “The primary defining concept in a value chain is what the customer is willing to pay for.” Porter 1985, The Competitive Advantage.
  21. Security value chain, concrete $ view: Hardware, Software, System, Services, Buyers. $ Security Incident Event Management Systems and Services $. Total global market size for e-business security products, in $ millions (2000–2005):
        Category                 2000   2001   2002    2003    2004    2005
        Access security           940  2,160  4,830   7,850  12,690  16,120
        Communication security    810  1,610  2,970   4,680   7,340   9,040
        Content security          660  1,300  2,390   3,700   5,660   6,910
        Security management       700  1,520  2,790   4,460   9,490  11,820
        Services                  410  1,020  2,390   4,610   9,050  14,780
        Total                   3,520  7,610 15,370  25,300  44,230  58,670
  22. Outline
     • Goal and meta goal $ (5 minutes, 6 slides)
     • Concrete problem and background (5 minutes, 3 slides)
     • Contributions (5 minutes, 4 slides)
     • Questions and next steps (5 minutes, 2 slides)
  23. Background: the role of national Computer Emergency Response Teams (CERTs)
     • Support organizations with security incident response capabilities
     • Provide actionable security information
     • Utilize several tools (SIEMs and others) for effectiveness and efficiency
     • Collect, prepare, process, enrich and disseminate security information
  24. Problems with security event management: reduce false positives by ABC = Always Be Contextualizing. Ref: https://www.linkedin.com/pulse/contextualization-security-analytics-niranjan-mayya (Value chain: Hardware, Software, System, Services, Buyers; $ Security Incident Event Management Systems and Services $)
  25. Problem: ENISA highlights
     • Actionable information disseminated by CERTs is not equally relevant (or even actionable) to all constituents
     • Security managers face the challenge of how to respond to this information using their information security management systems (ISMS)
     (Figure: CERT.SE feeds Company X SIEM, which feeds Company X ISMS)
  26. Outline
     • Goal and meta goal $ (5 minutes, 2 slides)
     • Problem and background (5 minutes, 5 slides)
     • Contributions (5 minutes, 6 slides)
     • Questions and next steps (5 minutes, 2 slides)
  27. Paper contributions
     1. Framework for a socio-technical SIEM to improve security response at organizations
     2. Correlating technical security events with the risk escalation maturity levels of constituents (socio-technical)
     3. The risk factor is not generic but directed, based on the organization's security culture and technological security posture
  28. Paper contribution 1: framework for a socio-technical SIEM to improve security response at organizations.
  29. Paper contributions (repeated)
     1. Framework for a socio-technical SIEM to improve security response at organizations
     2. Correlating technical security events with the risk escalation maturity levels of constituents (socio-technical)
     3. The risk factor is not generic but directed, based on the organization's security culture and technological security posture
  30. Framework for information security risk management and escalation: a combination of the NIST and ISO frameworks.
  31. Risk escalation maturity levels: non-existent, repeatable, defined, managed, optimized. Dimensions of risk escalation maturity: awareness, responsibility, reporting, policies/standards, knowledge/education, procedures/tools.
  32. Paper contributions (repeated)
     1. Framework for a socio-technical SIEM to improve security response at organizations
     2. Correlating technical security events with the risk escalation maturity levels of constituents (socio-technical)
     3. The risk factor is not generic but directed, based on the organization's security culture and technological security posture
  33. Contribution 3. Security event: the managed organization firewall has rejected a connection from a source host to the destination organization asset because the configured per-client connection limit was exceeded. Priority: 1 of 5. Reliability: 1 of 10. Targeted asset value: 4 of 5 (the asset in this case was the DNS server). Risk factor: 4 x 1 x 1 / 25 = 0.16 of 10. (Page 73 of the user guide: https://www.alienvault.com/doc-repo/usm/v5/USM-v5-User-Guide.pdf)
  34. Outline
     • Goal and meta goal $ (5 minutes, 2 slides)
     • Problem and background (5 minutes, 5 slides)
     • Contributions (5 minutes, 4 slides)
     • Next steps and your suggestions/questions (5 minutes, 2 slides)
  35. Next step: desk-top / ex-post risk scenario test of the socio-technical correlation engine. Risk factor = f(security event technical attributes, organization risk escalation maturity level)? Ex-post vs. ex-ante risk scenario? (Figure: CERT.X; Org ML3; Org ML3..MLN)
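The worked risk-factor calculation on slide 33 (asset value x priority x reliability / 25, on a 0..10 scale) and the open question on slide 35 (risk factor as a function of the event's technical attributes and the constituent's maturity level from slide 31) can be made concrete in a few lines. The following is an added example, not code from the presentation or from AlienVault USM: the technical_risk function is the formula quoted on slide 33, while HYPOTHETICAL_MATURITY_WEIGHT, socio_technical_risk and should_escalate are assumptions of mine that sketch one possible shape of the slide-35 f(), which the slides leave undefined. The firewall event is constructed to reproduce the slide's numbers.

```python
from dataclasses import dataclass

# The five risk-escalation maturity levels listed on slide 31, lowest to highest.
MATURITY_LEVELS = ("Non-existent", "Repeatable", "Defined", "Managed", "Optimized")

# ASSUMPTION (not from the slides): a per-level multiplier on the technical risk.
# The idea is that events for a constituent with little escalation capability are
# weighted up so they reach the analyst sooner; the real f() is an open question.
HYPOTHETICAL_MATURITY_WEIGHT = {
    "Non-existent": 2.0,
    "Repeatable": 1.5,
    "Defined": 1.25,
    "Managed": 1.0,
    "Optimized": 0.8,
}


@dataclass(frozen=True)
class SecurityEvent:
    """Technical attributes of a SIEM event, with the ranges quoted on slide 33."""
    description: str
    priority: int      # 1..5
    reliability: int   # 1..10
    asset_value: int   # 1..5 (value of the targeted asset)

    def __post_init__(self) -> None:
        if not 1 <= self.priority <= 5:
            raise ValueError("priority must be 1..5")
        if not 1 <= self.reliability <= 10:
            raise ValueError("reliability must be 1..10")
        if not 1 <= self.asset_value <= 5:
            raise ValueError("asset_value must be 1..5")


def technical_risk(event: SecurityEvent) -> float:
    """Risk factor exactly as on slide 33: asset value x priority x reliability / 25.

    The maximum input (5 x 5 x 10) yields 10, hence the "of 10" scale.
    """
    return event.asset_value * event.priority * event.reliability / 25


def socio_technical_risk(event: SecurityEvent, maturity_level: str,
                         weights=HYPOTHETICAL_MATURITY_WEIGHT) -> float:
    """Hypothetical f(technical attributes, maturity level): scale the technical
    risk by the constituent's maturity weight, capped at the 10-point ceiling."""
    if maturity_level not in MATURITY_LEVELS:
        raise ValueError(f"unknown maturity level: {maturity_level!r}")
    return min(10.0, technical_risk(event) * weights[maturity_level])


def should_escalate(risk: float, threshold: float = 5.0) -> bool:
    """Hypothetical escalation rule: hand the event to an analyst at or above threshold."""
    return risk >= threshold


# Constructed sample event reproducing the slide-33 example (DNS server, value 4).
FIREWALL_EVENT = SecurityEvent(
    description="Managed firewall rejected a connection: per-client connection limit exceeded",
    priority=1,
    reliability=1,
    asset_value=4,
)

if __name__ == "__main__":
    print("technical risk:", technical_risk(FIREWALL_EVENT))  # 0.16
    for level in MATURITY_LEVELS:
        r = socio_technical_risk(FIREWALL_EVENT, level)
        print(f"{level:13s} risk={r:.2f} escalate={should_escalate(r)}")
```

With the slide's numbers the event scores 0.16 regardless of weighting and is never escalated, which matches the slide's point that a low-priority, low-reliability event stays a low risk even against a valuable asset; the maturity weight only changes the picture for mid-range events near the threshold.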
  36. A global socio-technical cyber security warning system >?<
