UNB is taking steps to enhance its cyber security through policy, practices, and technology. The Security Action Team (SAT) provides leadership on security and responds to incidents. UNB faces challenges like thousands of daily security events and over 500 weekly security offenses. A data breach could cost $184 per compromised record. SAT uses threat intelligence sources to analyze malware, affected hosts, intrusion attempts, and security offenses. UNB is moving from tactical security operations to institutional risk management with iterative improvement. Key areas include operations, security operations, threat analysis, policy development, and communications.

1. IT Security @ UNB
How UNB is using policy, practice and technology to enhance cyber security

2. What are we here to talk about?
uUNB’s titanic cyber security struggle
uUse threat intelligence for both tactical
and strategic decisions
uMoving away from playing a losing
game

3. My background
u Bachelor of Arts in Information and Communications
Studies (‘05)
u Former Canadian Army reservist (armoured vehicle driver
& gunner)
u Former reporter for the provincial newspaper
u Former web content strategist for UNB Communications
& Marketing
u Accidental IT Security professional and fortunate member
of an amazing team
u Master of Business Administration (‘15)

4. The Security Action Team (SAT)
uProvides IT security leadership
uFormulates, implements and
coordinates polices, plans and projects
uIncident Response
uAdvises IT security resourcing,
technologies, and community
education.

5. About UNB
u North America’s
oldest English public
university (Est. 1785)
u 11,000 students
u 2,000 FTE Faculty and
Staff
u Hybrid IT environment
(centralized and
decentralized)

6. In defence of “cybersecurity”
Officially, ISO/IEC 27032 addresses “Cybersecurity” or
“Cyberspace security”, defined as the “preservation of
confidentiality, integrity and availability of information in the
Cyberspace”.
In turn “the Cyberspace” (complete with definite article) is
defined as “the complex environment resulting from the
interaction of people, software and services on the Internet
by means of technology devices and networks connected
to it, which does not exist in any physical form”.

8. What I think we do:

9. What clients think we do….

10. Why are universities a target?
u We we’re designed to be open (we’re
easy)
u We have a treasure trove of PII
u We have valuable intellectual property
u We have others valuable intellectual
property
u We are a route into more secure orgs

11. Our challenges
u We average between 83 and 55 attempts per second to
breach our network (massively automated threats)
u We have more than 2.2 million security events daily on our
network
u We have more than 500 offences weekly
u We have as many as 120 compromised endpoints a month
(half of which are students)
u We are the ultimate BYOD environment

12. The cost of a breach
u $184 dollars on average per record in
education, based on figures from a 2014
Ponemon Institute Study

13. Threat Intelligence Sources
u QRadar Security Inteligence Event
Management (SIEM)
u Trend Micro Deep Discovery Malware
detection tool
u Kaspersky Anti-Virus Reporting System
u Government, industry contacts and listservs
u InfoSec News Sources and Social Media

14. Malware CNC CallBacks (30 days)

15. Affected Hosts

16. Threat Patterns

17. Remote Intrusion Attempts Source

18. Remote Intrusion Attempts
Destination

19. Security Offences

20. Moving
beyond
tactical
response

21. UNB’s move to IT Risk Management
Day-to-day IT Operations
IT Security Operations
Threat Analysis, Policy & Procedure Development
IT Risk Management
Maturity

22. Iterative improvement model
Risk
Management
ITOperations
Security
Operations
ThreatAnalysis
Policy&
Procedure
Development

23. The Security Building Blocks
Operations Service Desk
Security Action Team
Communications:
Risk Management, Quality Assurance and Standards Development

24. Service Desk
uHelp Desk escalates
threats to SAT
uAssists with user
education
uDesktop Group helps
harden end points and
triage compromises

25. Operations
uSystems and Network
monitoring, reporting
of threats, ensuring
patching and
reporting policy or
procedure
compliance issues.
Participates in
incident response.

26. Communications
u Assists with development and execution of
user awareness and culture change
campaigns.
u Assists with developing and executing
incident communications

27. Security and Operations
u Operations: Trying to keep the lights on
u IT Security: ensuring compliance with protective measures
u Critical to avoid ineffective communications. Security and
Operations groups in IT have different goals and in some
cases cultures. Critical to ensure alignment with overall IT
Strategy

28. The cross-functional workflow
Client provides
username and
password in phishing
attempt
Help Desk or Level One
advises + assists client
with safe password reset
IT Security initiates
incident investigation
Operations staff
engaged to assist with
log review / access
checks
UNB Privacy Officer
engaged in event of a
potential data breach
Client advised of
investigation,
encouraged to take
awareness course

29. What fighter jets in the Korean War
can teach us about cybersecurity

30. A harsh truth:
uSimply buying the latest
and greatest big shiny
security technology will
not make your
organization safer

31. Security Strategy Pillars
Security Strategy
IT Security Policy
Data Governance
Security Architecture:
Tools, People, Process
Culture Change:
User Awareness +
Behaviour Change

32. Translating Cyber Security-ese to
Business-ese

33. Making the case
Where
cybersecurity
fits in Porter’s
Value Chain

34. The disconnect between threat
awareness and concern about threats

35. Do you believe your organization has an accurate
picture on the threats it faces on a daily basis?

36. 61%
weren’t sure or weren’t confident

37. How concerned are you about an
attack leading to a data breach?

38. 65%
very concerned

39. We need to change the
cybersecurity story.

40. Questions?