Bob Maley, profile picture
Uploaded byBob Maley
343 views

2010 Sc World Congress Nyc

This document discusses strategies for data protection and cybersecurity. It advocates taking a strategic rather than tactical approach that is driven by business needs rather than vendors. It emphasizes the importance of understanding threats, vulnerabilities, and risks; developing comprehensive protection strategies; operationalizing security; and continuously evaluating and improving security measures. The overall message is that effective cybersecurity requires understanding the environment, threats, and business needs in order to develop and execute holistic, risk-based strategies.

Related topics:
Data Protection Practices

Embed presentation

Downloaded 10 times
Data Protection Strategy  Bob Maley, CEO, Strategic CISO & former CISO, State of Pennsylvania
Cyber Protection Strategy StrategicCISO.com  Tactical or Strategic?  Vendor Driven  or business driven  Reactive  or proactive
The trouble is that criminals seem to be able to stay one step ahead, and the law- abiding have to spend to much time trying to catch up – Nigel Phair, Cybercrime, The Reality of the Threat, page 178 StrategicCISO.com
Securing Endpoints? StrategicCISO.com  Data wants to be free  What are your endpoints  Data classification It’s what you don’t know you don’t know that gets you  Email  Business Processes  Data transfers
It’s in the cloud already StrategicCISO.com  Google  Amazon  Web Services
Security Trends – Current View StrategicCISO.com- CONFIDENTIAL - Endpoint Suites Network UTM Application Security Vulnerability Management [Other Point Products] Security Information and Event Management • Alerts • Log Mgt • Event Correlation • Compliance Certification Governance Risk and Compliance • User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting
 Scanning (web and/or network) products identify potential weaknesses – Data overload including false positives/negatives – not most critical threats – Does not prove exploitability, limited-view point solution, single vector  IT-GRC gathers information to aggregate and report – Mostly used for higher-level policy and governance with little “R”  SIEM aggregates real data, dash-boarding, drill-down, etc. – SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell you if your defenses are working – Operational data, not situational. Just incidents or log data from past events  Security Risk Mgmt is simulator/model – Correlates scanned, imported and entered data to infer highest risk vulnerabilities, doesn’t do actual testing – Network only and works on models vs. a real test of the security  DLP detects and prevents transmission of confidential information To date, the critical challenge of how to provide insight into actual risks across multiple layers of infrastructure still remains!StrategicCISO.com
Security – Future View StrategicCISO.com- CONFIDENTIAL - Endpoint Suites Network UTM Application Security Vulnerability Management IT Security Management Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee [Other Point Products] Comprehensive Security Test and Measurement •Verify and Validate Security Controls •Measure Real-world Threat Readiness •Measure Security Effectiveness Security Information and Event Management • Alerts • Log Mgt • Event Correlation • Compliance Certification Governance Risk and Compliance • User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting
Cyber Strategy Musings (WordPress)  The Key of Knowledge – Book 2  The second area of knowledge in this key is “Knowing your environment”.  By Extension – Know Your Strategy Know your Strategy StrategicCISO.com
Your Guide StrategicCISO.com
What are your critical business assets? Data / Asset Classification You can’t protect everything Focus on the most important assets Key of Knowledge StrategicCISO.com
 Anti-Virus and Firewalls are not enough Evaluate your existing controls StrategicCISO.com
Compliance Checklists are not enough  Network Solutions was PCI compliant before breach Angela Moscaritolo, July 27, 2009  Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information.  http://www.scmagazineus.com/network-solutions- was-pci-compliant-before-breach/article/140642/ Evaluate your existing controls StrategicCISO.com
 Layered Security – The Castle Model Evaluate your existing controls StrategicCISO.com
 The Symantec Global Internet Threat Report, which covers trends in 2009, says attackers are aggressively targeting employees' social networking profiles to help target key personnel inside targeted companies. Meanwhile, Web-based attacks targeting PDF views accounted for half of all Web-based attacks last year, up from 11 percent in 2008.  And malware creation increased thanks to more automated tools, according to Symantec, which says it identified more than 240 million new malware programs last year, a 100 percent increase over 2008 Understand the threat Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009 Apr 20, 2010 By Kelly Jackson Higgins DarkReading http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224500064
 Insider Threats Understand the threat StrategicCISO.com
U.S. government agencies have been bracing for a deluge of thousands more classified documents since the leak of helicopter cockpit video of a 2007 firefight in Baghdad. That was blamed on a U.S. Army intelligence analyst, Spc. Bradley Manning, 22, of Potomac, Md. He was charged with releasing classified information this month. Manning had bragged online that he downloaded 260,000 classified U.S. cables and transmitted them to Wikileaks.org. Officials Scramble to Review Emerging Afghan War Documents for 'Damage' Published July 26, 2010 | FoxNews.com http://www.foxnews.com/politics/2010/07/26/damage-control-leak-afghan-war-docs/ Understand the Threat StrategicCISO.com
 Know your threat matrix Understand the threat StrategicCISO.com
 Determine your organizations risk tolerance  Know your vulnerabilities  Understand how the threats apply Develop your Risk Strategy StrategicCISO.com
Compliance requirements Protect your valuable data Put systems in place that protect your data as it moves Proactive intelligence on your environment Discover your real vulnerabilities Break the malware cycle Develop your protection Strategy
The barbarians will get in StrategicCISO.com
 Operationalize Security  Use Managed Services / Cloud Services where practicable  Use automated systems Understand the overhead StrategicCISO.com
Complexity can break security StrategicCISO.com
 Be an enabler of business  Connect to your Enterprise Risk Management  Show how it affects the bottom line Understand your organization’s business need StrategicCISO.com
 Response and remediation  Robust Incident Response Plan  Response not react  Don’t merely remediate Execute StrategicCISO.com
 Real time Protection  Find the barbarians that get past the gate  New Technologies Execute StrategicCISO.com
Execute - Test StrategicCISO.com
 Col. John Boyd’s OODA Loop Evaluate StrategicCISO.com
Metrics  INCREASING CYBER-SITUATIONAL AWARENESS VIA ENTERPRISE METRICS  Core Security Technologies Blog  Today’s ferocious cybersecurity environment is dynamic. One of the challenges that organizations, both public and private sector, have encountered in attempting to mature their IT security and risk management plans has been a lack of methods to calculate truly relevant metrics that would allow for them to better understand and benchmark their security standing over time. http://blog.coresecurity.com/2010/04/29/increasing- cyber-situational-awareness-via-enterprise-level-metrics/ Evaluate StrategicCISO.com
The Future of Data Protection StrategicCISO.com
 Contact Information Bob.Maley@StrategicCISO.com Questions

More Related Content

PDF
Guide to high volume data sources for SIEM
byJoseph DeFever
 
PDF
What CIOs Need To Tell Their Boards About Cyber Security
byKaryl Scott
 
PPT
Shaping Your Future in Banking Cybersecurity
byDawn Yankeelov
 
PPTX
10 Critical Corporate Cyber Security Risks
byHeimdal Security
 
PDF
Dealing with Information Security, Risk Management & Cyber Resilience
byDonald Tabone
 
PPTX
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
byTripwire
 
PDF
Bit defender ebook_secmonitor_print
byjames morris
 
PDF
Cybersecurity After WannaCry: How to Resist Future Attacks
byStrategy&, a member of the PwC network
 
Guide to high volume data sources for SIEM
byJoseph DeFever
 
What CIOs Need To Tell Their Boards About Cyber Security
byKaryl Scott
 
Shaping Your Future in Banking Cybersecurity
byDawn Yankeelov
 
10 Critical Corporate Cyber Security Risks
byHeimdal Security
 
Dealing with Information Security, Risk Management & Cyber Resilience
byDonald Tabone
 
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
byTripwire
 
Bit defender ebook_secmonitor_print
byjames morris
 
Cybersecurity After WannaCry: How to Resist Future Attacks
byStrategy&, a member of the PwC network
 

What's hot

PDF
CISO-Fundamentals
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
PDF
Protective Intelligence
bywbesse
 
DOCX
So you want to be a CISO - 5 steps to Success
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
PPTX
Managing Enterprise Risk: Why U No Haz Metrics?
byJohn D. Johnson
 
PPTX
Information Security Management System in the Banking Sector
bySamvel Gevorgyan
 
PPT
Role of The Board In IT Governance & Cyber Security-Steve Howse
byCGTI
 
PDF
Mobile Security: 5 Steps to Mobile Risk Management
byDMIMarketing
 
PDF
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
byShawn Tuma
 
PPTX
The Benefits of Security From a Managed Services Provider
byCSI Solutions
 
PDF
Security Framework for Digital Risk Managment
bySecurestorm
 
PPTX
10 Steps to Better Security Incident Detection
byTripwire
 
PPTX
Security Best Practices for Small Business
byValiant Technology
 
PDF
Securing the Cloud by Matthew Rosenquist 2016
byMatthew Rosenquist
 
PPTX
Vendor Landscape: Email Security Gateway
byInfo-Tech Research Group
 
PDF
Building an effective Information Security Roadmap
byElliott Franklin
 
PDF
Journey to cyber resilience
byAndrew Bycroft
 
PDF
Avoiding The Seven Deadly Sins of IT
byEnvision Technology Advisors
 
PDF
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
byBen Browning
 
PPTX
Cyber risk tips for boards and executive teams
byWynyard Group
 
CISO-Fundamentals
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
Protective Intelligence
bywbesse
 
So you want to be a CISO - 5 steps to Success
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
Managing Enterprise Risk: Why U No Haz Metrics?
byJohn D. Johnson
 
Information Security Management System in the Banking Sector
bySamvel Gevorgyan
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
byCGTI
 
Mobile Security: 5 Steps to Mobile Risk Management
byDMIMarketing
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
byShawn Tuma
 
The Benefits of Security From a Managed Services Provider
byCSI Solutions
 
Security Framework for Digital Risk Managment
bySecurestorm
 
10 Steps to Better Security Incident Detection
byTripwire
 
Security Best Practices for Small Business
byValiant Technology
 
Securing the Cloud by Matthew Rosenquist 2016
byMatthew Rosenquist
 
Vendor Landscape: Email Security Gateway
byInfo-Tech Research Group
 
Building an effective Information Security Roadmap
byElliott Franklin
 
Journey to cyber resilience
byAndrew Bycroft
 
Avoiding The Seven Deadly Sins of IT
byEnvision Technology Advisors
 
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
byBen Browning
 
Cyber risk tips for boards and executive teams
byWynyard Group
 

Similar to 2010 Sc World Congress Nyc

PDF
Security - intelligence - maturity-model-ciso-whitepaper
byCMR WORLD TECH
 
PDF
idg_secops-solutions
byJonny Nässlander
 
PDF
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
byWithum
 
PDF
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
byPlus Consulting
 
PDF
Cyber security as a strategic imperative web
bySevenOf9
 
PPTX
Your cyber security webinar
byEmpired
 
PPTX
Your cyber security webinar
byIntergen
 
PPTX
Operational Security Intelligence
bySplunk
 
PDF
Introduction to Cyber Resilience
byPeter Wood
 
PPTX
Stay Ahead of Threats with Advanced Security Protection - Fortinet
byMarcoTechnologies
 
PPTX
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
PPTX
NRF Presentation v2
byPete Pouridis
 
PDF
Hunting for cyber threats targeting weapon systems
byFidelis Cybersecurity
 
PPSX
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
byJames Mulhern
 
PDF
[Bucharest] Attack is easy, let's talk defence
byOWASP EEE
 
PDF
Road map for actionable threat intelligence
byabhisheksinghcs
 
PPTX
CRI "Lessons From The Front Lines" March 26th Dublin
byOCTF Industry Engagement
 
PPT
Open Source Intelligence Overview
bybpeacher
 
PDF
Dynamic Defense
byBooz Allen Hamilton
 
PDF
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
byStephanie McVitty
 
Security - intelligence - maturity-model-ciso-whitepaper
byCMR WORLD TECH
 
idg_secops-solutions
byJonny Nässlander
 
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
byWithum
 
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
byPlus Consulting
 
Cyber security as a strategic imperative web
bySevenOf9
 
Your cyber security webinar
byEmpired
 
Your cyber security webinar
byIntergen
 
Operational Security Intelligence
bySplunk
 
Introduction to Cyber Resilience
byPeter Wood
 
Stay Ahead of Threats with Advanced Security Protection - Fortinet
byMarcoTechnologies
 
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
NRF Presentation v2
byPete Pouridis
 
Hunting for cyber threats targeting weapon systems
byFidelis Cybersecurity
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
byJames Mulhern
 
[Bucharest] Attack is easy, let's talk defence
byOWASP EEE
 
Road map for actionable threat intelligence
byabhisheksinghcs
 
CRI "Lessons From The Front Lines" March 26th Dublin
byOCTF Industry Engagement
 
Open Source Intelligence Overview
bybpeacher
 
Dynamic Defense
byBooz Allen Hamilton
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
byStephanie McVitty
 

2010 Sc World Congress Nyc

  • 1.
    Data Protection Strategy  BobMaley, CEO, Strategic CISO & former CISO, State of Pennsylvania
  • 2.
    Cyber Protection Strategy StrategicCISO.com Tactical or Strategic?  Vendor Driven  or business driven  Reactive  or proactive
  • 3.
    The trouble isthat criminals seem to be able to stay one step ahead, and the law- abiding have to spend to much time trying to catch up – Nigel Phair, Cybercrime, The Reality of the Threat, page 178 StrategicCISO.com
  • 4.
    Securing Endpoints? StrategicCISO.com  Datawants to be free  What are your endpoints  Data classification It’s what you don’t know you don’t know that gets you  Email  Business Processes  Data transfers
  • 5.
    It’s in thecloud already StrategicCISO.com  Google  Amazon  Web Services
  • 6.
    Security Trends –Current View StrategicCISO.com- CONFIDENTIAL - Endpoint Suites Network UTM Application Security Vulnerability Management [Other Point Products] Security Information and Event Management • Alerts • Log Mgt • Event Correlation • Compliance Certification Governance Risk and Compliance • User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting
  • 7.
     Scanning (weband/or network) products identify potential weaknesses – Data overload including false positives/negatives – not most critical threats – Does not prove exploitability, limited-view point solution, single vector  IT-GRC gathers information to aggregate and report – Mostly used for higher-level policy and governance with little “R”  SIEM aggregates real data, dash-boarding, drill-down, etc. – SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell you if your defenses are working – Operational data, not situational. Just incidents or log data from past events  Security Risk Mgmt is simulator/model – Correlates scanned, imported and entered data to infer highest risk vulnerabilities, doesn’t do actual testing – Network only and works on models vs. a real test of the security  DLP detects and prevents transmission of confidential information To date, the critical challenge of how to provide insight into actual risks across multiple layers of infrastructure still remains!StrategicCISO.com
  • 8.
    Security – FutureView StrategicCISO.com- CONFIDENTIAL - Endpoint Suites Network UTM Application Security Vulnerability Management IT Security Management Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee [Other Point Products] Comprehensive Security Test and Measurement •Verify and Validate Security Controls •Measure Real-world Threat Readiness •Measure Security Effectiveness Security Information and Event Management • Alerts • Log Mgt • Event Correlation • Compliance Certification Governance Risk and Compliance • User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting
  • 9.
    Cyber Strategy Musings (WordPress) The Key of Knowledge – Book 2  The second area of knowledge in this key is “Knowing your environment”.  By Extension – Know Your Strategy Know your Strategy StrategicCISO.com
  • 10.
  • 11.
    What are yourcritical business assets? Data / Asset Classification You can’t protect everything Focus on the most important assets Key of Knowledge StrategicCISO.com
  • 12.
     Anti-Virus and Firewallsare not enough Evaluate your existing controls StrategicCISO.com
  • 13.
    Compliance Checklists arenot enough  Network Solutions was PCI compliant before breach Angela Moscaritolo, July 27, 2009  Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information.  http://www.scmagazineus.com/network-solutions- was-pci-compliant-before-breach/article/140642/ Evaluate your existing controls StrategicCISO.com
  • 14.
     Layered Security– The Castle Model Evaluate your existing controls StrategicCISO.com
  • 15.
     The SymantecGlobal Internet Threat Report, which covers trends in 2009, says attackers are aggressively targeting employees' social networking profiles to help target key personnel inside targeted companies. Meanwhile, Web-based attacks targeting PDF views accounted for half of all Web-based attacks last year, up from 11 percent in 2008.  And malware creation increased thanks to more automated tools, according to Symantec, which says it identified more than 240 million new malware programs last year, a 100 percent increase over 2008 Understand the threat Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009 Apr 20, 2010 By Kelly Jackson Higgins DarkReading http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224500064
  • 16.
     Insider Threats Understandthe threat StrategicCISO.com
  • 17.
    U.S. government agencieshave been bracing for a deluge of thousands more classified documents since the leak of helicopter cockpit video of a 2007 firefight in Baghdad. That was blamed on a U.S. Army intelligence analyst, Spc. Bradley Manning, 22, of Potomac, Md. He was charged with releasing classified information this month. Manning had bragged online that he downloaded 260,000 classified U.S. cables and transmitted them to Wikileaks.org. Officials Scramble to Review Emerging Afghan War Documents for 'Damage' Published July 26, 2010 | FoxNews.com http://www.foxnews.com/politics/2010/07/26/damage-control-leak-afghan-war-docs/ Understand the Threat StrategicCISO.com
  • 18.
     Know yourthreat matrix Understand the threat StrategicCISO.com
  • 19.
     Determine yourorganizations risk tolerance  Know your vulnerabilities  Understand how the threats apply Develop your Risk Strategy StrategicCISO.com
  • 20.
    Compliance requirements Protect yourvaluable data Put systems in place that protect your data as it moves Proactive intelligence on your environment Discover your real vulnerabilities Break the malware cycle Develop your protection Strategy
  • 21.
    The barbarians willget in StrategicCISO.com
  • 22.
     Operationalize Security Use Managed Services / Cloud Services where practicable  Use automated systems Understand the overhead StrategicCISO.com
  • 23.
    Complexity can breaksecurity StrategicCISO.com
  • 24.
     Be anenabler of business  Connect to your Enterprise Risk Management  Show how it affects the bottom line Understand your organization’s business need StrategicCISO.com
  • 25.
     Response andremediation  Robust Incident Response Plan  Response not react  Don’t merely remediate Execute StrategicCISO.com
  • 26.
     Real timeProtection  Find the barbarians that get past the gate  New Technologies Execute StrategicCISO.com
  • 27.
  • 28.
     Col. JohnBoyd’s OODA Loop Evaluate StrategicCISO.com
  • 29.
    Metrics  INCREASING CYBER-SITUATIONAL AWARENESSVIA ENTERPRISE METRICS  Core Security Technologies Blog  Today’s ferocious cybersecurity environment is dynamic. One of the challenges that organizations, both public and private sector, have encountered in attempting to mature their IT security and risk management plans has been a lack of methods to calculate truly relevant metrics that would allow for them to better understand and benchmark their security standing over time. http://blog.coresecurity.com/2010/04/29/increasing- cyber-situational-awareness-via-enterprise-level-metrics/ Evaluate StrategicCISO.com
  • 30.
    The Future ofData Protection StrategicCISO.com
  • 31.