Metrics, Risk Management & DLP

Metrics, Risk Management and DLP.
In order to Prevent Data Loss, the organisation needs Metrics and a Risk Management approach.

Published in: Technology, Business


1. Metrics, Risk Management & DLP
   a step by step approach
   Rob Kloots
   Vice-President ISSA-NL (2009)
   Webmaster ISSA-BE (2009+10)
   Owner CSF b.v. - GRC Consulting
   Rob.Kloots@csf.nl

2. Agenda
   • Do we have a Data Loss Problem?
   • What can we do?
   • Compliance Security Framework
   • Risk Management
   • DLP

3. Firefighting DLP incidents
   • DLP more than a Gartner hype
   • DLP key to GRC
   • DLP incidents are a given fact of operations
   • If or When?

4. Adopt, Adapt, Improve
   • Firefighting
   • Maturity level
   • What Measures?
   • Learning Management System
   (Figure: Adopt, Adapt, Improve cycle; under Adopt: o Metrics, o Measures, and o Markerpoints.)

5. Maturity levels
   • Predefined business process
   • Clear goals/performance requirements
   • Quantitative/qualitative measures
   (Figure: maturity ladder, from lowest to highest: Incomplete, Performed, Managed, Defined, Quantitatively Managed)

6. Compliance Security Framework
   • A Compliance Security Framework should allow for team-effort for both
   • Mgt (2) and operators (3) to enter into a learning system
   • with respect to Compliance & Risk based security measures (1).
   (Figure: CSF with the three numbered elements 1, 2 and 3)

7. Metrics - 1
   • Metrics are simply a standard or system of measurement
   • Metric - A quantitative measure of the degree to which a system, component, or process possesses a given attribute [2]. A calculated or composite indicator based upon two or more measures. A quantified measure of the degree to which a system, component, or process possesses a given attribute [3].

8. Metrics - 2
   • Characteristics & Classification
   • Process metrics
     – CSFs, KGIs and KPIs
   • Asset related vulnerability metrics
     – What value has Data, when static, dynamic, owned, stored, lost
   • Monetary value of Reputation – ?
   • Market Capitalisation – !
   • Value of assets in Euro – !
   • Total asset value at Risk

9. Measures
   • Measure - To ascertain or appraise by comparing to a standard [1]. A standard or unit of measurement; the extent, dimensions, capacity, etc., of anything, especially as determined by a standard; an act or process of measuring; a result of measurement [3].
   • A related term is Measurement - The act or process of measuring. A figure, extent, or amount obtained by measuring [1]. The act or process of measuring something. Also a result, such as a figure expressing the extent or value that is obtained by measuring [3].

10. Achievable Markerpoints
   • How to set
   • Where to use
   • Purpose

11. Risk Management - 1
   (Figure: Qualitative and Quantitative risk management, with "RM mechanics" and "Mgt info" as the two axes of the diagram)

12. Risk Management - 2
   (Figure only)

13. Risk Management - 3
   (Figure: Threat Materialisation versus DLP MEASURES)

14. Risk Management - 4
   (Figure: Management Review feeding Risk Treatment; Corrective / Preventative Action; Plans for Program / Project / Action)

15. Data Loss Prevention System
   • 1. Introduction to the DLPS – 10%
   • 2. Creating the Asset Inventory – 8%
   • 3. Establishing DLP Risk Management process – 8%
   • 4. Establish a Continual Improvement process – 10%
   • 5. Developing Documentation – 5%
   • 6. Establishing a Legal Registry process – 8%
   • 7. Establishing a Compliance Management process – 5%
   • 8. Establishing an Audit process – 10%
   • 9. Establishing a Governance process – 10%
   • 10. Establishing DLP testing process – 8%
   • 11. Establishing the Incident Response process – 8%
   • 12. Establishing Training & Awareness process – 10%

16. DLP metrics program:
   • 1. Define the metrics program goal(s) and objectives
   • 2. Decide which metrics to generate
   • 3. Develop strategies for generating the metrics
   • 4. Establish benchmarks and targets
   • 5. Determine how the metrics will be reported
   • 6. Create an action plan and act on it, and
   • 7. Establish a formal program review/refinement cycle

17. DLP Controls
   SANS Critical Security Controls
   • 1: Inventory of Authorized and Unauthorized Devices
   • 2: Inventory of Authorized and Unauthorized Software
   • 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
   • 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
   • 5: Boundary Defense
   • 6: Maintenance, Monitoring, and Analysis of Audit Logs
   • 7: Application Software Security
   • 8: Controlled Use of Administrative Privileges
   • 9: Controlled Access Based on Need to Know
   • 10: Continuous Vulnerability Assessment and Remediation
   • 11: Account Monitoring and Control
   • 12: Malware Defenses
   • 13: Limitation and Control of Network Ports, Protocols, and Services
   • 14: Wireless Device Control
   • 15: Data Loss Prevention
   (Figure annotations beside the list: "Critical Control 15 Metric" and "Control 15 Test")
18. DLP metrics
   • Incident Management
     o Mean-Time to Incident Discovery
     o Number of Data Leakage Incidents
     o Mean-Time Between Security Incidents
     o Mean-Time to Incident Recovery
   • Vulnerability Management
   • Patch Management
   • Application Security
   • Configuration Management
   • Financial Metrics
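The incident-management metrics on slide 18 are named but not defined operationally. The following is an added example, not part of the slide deck and not code from CSF b.v., that computes each of the four from a small set of constructed DLP incident records; the record fields (occurred, discovered, recovered) and the sample timestamps are assumptions made for the illustration. It also shows the two edge cases a metrics program has to decide on: still-open incidents (which have a discovery time but no recovery time) and a data set too small to yield a time-between-incidents figure.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class DlpIncident:
    """One data-leakage incident as a DLP team might record it (field names are assumed)."""
    incident_id: str
    occurred: datetime              # when the data actually left or was exposed
    discovered: datetime            # when DLP monitoring or a report surfaced it
    recovered: Optional[datetime]   # when containment/recovery was complete; None while still open


# Constructed sample records for the example; not real incidents.
INCIDENTS: List[DlpIncident] = [
    DlpIncident("INC-001", datetime(2009, 3, 1, 9), datetime(2009, 3, 1, 15), datetime(2009, 3, 2, 9)),
    DlpIncident("INC-002", datetime(2009, 3, 11, 9), datetime(2009, 3, 12, 9), datetime(2009, 3, 12, 21)),
    DlpIncident("INC-003", datetime(2009, 3, 31, 9), datetime(2009, 3, 31, 12), None),  # still open
]


def _mean(deltas: List[timedelta]) -> timedelta:
    """Arithmetic mean of a non-empty list of durations."""
    if not deltas:
        raise ValueError("no intervals to average")
    return sum(deltas, timedelta()) / len(deltas)


def inconsistent_records(incidents: List[DlpIncident]) -> List[str]:
    """IDs whose timestamps run backwards (discovery before occurrence, or recovery before discovery).
    Such records would silently distort every mean below, so check them first."""
    bad = []
    for i in incidents:
        if i.discovered < i.occurred or (i.recovered is not None and i.recovered < i.discovered):
            bad.append(i.incident_id)
    return bad


def number_of_incidents(incidents: List[DlpIncident]) -> int:
    """Number of Data Leakage Incidents in the reporting period."""
    return len(incidents)


def open_incidents(incidents: List[DlpIncident]) -> int:
    """Incidents discovered but not yet recovered."""
    return sum(1 for i in incidents if i.recovered is None)


def mean_time_to_discovery(incidents: List[DlpIncident]) -> timedelta:
    """Mean-Time to Incident Discovery: occurrence -> discovery, over every incident, open or closed."""
    return _mean([i.discovered - i.occurred for i in incidents])


def mean_time_to_recovery(incidents: List[DlpIncident]) -> timedelta:
    """Mean-Time to Incident Recovery: discovery -> recovery, over closed incidents only."""
    return _mean([i.recovered - i.discovered for i in incidents if i.recovered is not None])


def mean_time_between_incidents(incidents: List[DlpIncident]) -> timedelta:
    """Mean-Time Between Security Incidents: mean gap between consecutive occurrences.
    Needs at least two incidents; with fewer there is no interval to report."""
    times = sorted(i.occurred for i in incidents)
    return _mean([later - earlier for earlier, later in zip(times, times[1:])])


def report(incidents: List[DlpIncident]) -> Dict[str, float]:
    """The four slide-18 incident metrics in reporting units (hours, days, counts)."""
    if inconsistent_records(incidents):
        raise ValueError("fix timestamp errors before reporting: %s" % inconsistent_records(incidents))
    return {
        "number_of_incidents": number_of_incidents(incidents),
        "open_incidents": open_incidents(incidents),
        "mean_time_to_discovery_hours": mean_time_to_discovery(incidents).total_seconds() / 3600,
        "mean_time_to_recovery_hours": mean_time_to_recovery(incidents).total_seconds() / 3600,
        "mean_time_between_incidents_days": mean_time_between_incidents(incidents).total_seconds() / 86400,
    }


if __name__ == "__main__":
    for name, value in report(INCIDENTS).items():
        print("%-36s %8.1f" % (name, value))
```

On the constructed data the discovery times are 6, 24 and 3 hours (mean 11 h), the two closed incidents took 18 and 12 hours to recover (mean 15 h), and the occurrences are 10 and 20 days apart (mean 15 days). Whether open incidents count toward MTTR, and whether the between-incidents interval is measured from occurrence or from discovery, are choices the metrics program (slide 16, step 2) has to fix before the numbers can be compared across periods.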
19. Questions, please!