Priyanka Aash, profile picture
Uploaded byPriyanka Aash
PDF, PPTX3,810 views

Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration

The City of Los Angeles is establishing an Integrated Security Operations Center (ISOC) to enhance cybersecurity collaboration across its various departments, addressing challenges like understaffing and minimal collaboration tools. Mayor Eric Garcetti emphasizes the goal of having a dedicated team for rapid response to cyber threats, alongside improved threat intelligence and situation awareness. The ISOC aims to integrate diverse security operations and utilize advanced technologies to enhance the city's cybersecurity posture.

Embed presentation

Download as PDF, PPTX
SESSION ID: #RSAC TIMOTHY LEE INTEGRATED SECURITY OPERATIONS CENTER (ISOC) FOR CYBERSECURITY COLLABORATION STR-F03 CHIEF INFO SECURITY OFFICER CITY OF LOS ANGELES
#RSAC Background – City of Los Angeles 2 4 Million people, 465 sq mi, 15 Council District 2nd largest city in US Employment: 1.81 million Annual visitors: 42.21 Million 43 departments, 35,000 FTE Port of LA, Airport, Water and Power (3 Proprietary Departments) managing their own networks Information Technology Agency (ITA) manages the rest
#RSAC Mayor’s Executive Directive on Cybersecurity 3 “I’m creating this Cyber Intrusion Command Center (CICC) so that we have a single, focused team responsible for implementing enhanced security standards across city departments and serving as a rapid reaction force to cyber-attacks,” Mayor Eric Garcetti
#RSAC Business Challenge 4 IT Security Team is understaffed Dispersed log capturing capabilities Minimal use of collaboration tools Lack of Incident Management platform No integrated threat intelligence program Limited situation awareness (SA) and operational metrics for City as a whole Imbalance in Detection and Response capability “Siloed” SOCs/NOCs
#RSAC Solution 5 Integrated Security Operations Center (ISOC)
#RSAC Know yourself, Know the enemy 6 “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” ― Sun Tzu, The Art of War
#RSAC Know yourself, Know your Enemy 7 Know Enemy Threat Intelligence (TI) Know Yourself Situation Awareness (SA)
#RSAC Integrated Security Operations Center 8 Situation Awareness (SA) Threat Intelligence Program (TIP) Integrated Security Operations Center (ISOC)
#RSAC Situation Awareness 9 Knowing What is going on
#RSAC What is Situation Awareness ? 10 Situation Awareness (SA) is the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. Mica Endsley, 1988
#RSAC Endsley SA Model 11 Situation Awareness Level 1 Perception Level 2 Comprehension Level 3 Projection Decision ActionState Of The Environment
#RSAC Situation Awareness 12 PERCEPTION •Log Collection •Threat Intel Feeds •SOC Incident Feeds •Security Posture Dashboard COMPREHENSION •Event Correlation and Analysis •Threat Intelligence Analysis PROJETION •Pattern Matching •Threat Forecast
#RSAC What Is Threat Intelligence (TI)? 13 Centre for the Protection of National Infrastructure cpni.gov.uk
#RSAC What is Threat Intelligence? 14 Specific Meaningful Actionable Relevant Timely
#RSAC Threat Intelligence Sharing 15 Internal – SOCs, NOCs, Sysadmins, CIRTs External – Trusted partners, Law Enforcements, Vendors Standards – IODEF, YARA, OpenIOC, IF-MAP, STIX, TAXII, VERIS, CyBOX, TLP, OTX, CIF etc.
#RSAC City of Los Angeles Integrated Security Operations Center 16
#RSAC Security Operations Center (SOC) 17 Staff Tools & Technology Facility Processes & Procedures SOC
#RSAC Integrated Security Operations Center (ISOC) 18 Threat Intelligence Services FBI Cyberhood MS-ISAC DHS/USSS SOCs SIEM NOCs Logs Access Control Fire Alarms HVAC SCADA Video Situational Awareness Threat Intelligence Internal External Information Security Physical Security City Of LA Integrated SOC Report RespondCollect Collaborate
#RSAC ISOC Components 19 ISOC SITUATION AWARENESS  Operational Framework  SOC Integration  ISOC Access Control  Security Posture Dashboard  Threat Level Indicator  ISOC On-boarding Requirements
#RSAC ISOC Components 20 Threat Intelligence Portal (TIP)  Data Collection (Structured, Unstructured)  Data Sharing and Dissemination (Internal, External)  Data Integration  Classification  Alert Correlation  Access Control  Threat Map / Dashboard
#RSAC ISOC Components 21 Facility Design and Build Display Wall Display Wall Controller Consoles ISOC Dashboard Profiles
#RSAC City of Los Angeles Integrated Security Operations Center 22
#RSAC Awards 23 CENTER FOR DIGITAL GOVERNMENT’S 2015 CYBERSECURITY LEADERSHIP AND INNOVATION AWARD PUBLIC TECHNOLOGY INSTITUTE 2016 TECHNOLOGY SOLUTIONS AWARD
#RSAC References 25 Security Operation Center Concepts & Implementation – Renaud Bidou Building An Intelligence Driven Security Operations Center – RSA Technical Brief, June 2014 Toward a Theory of Situation Awareness in Dynamic Systems – Mica R. Endsley, 1995 Technology Overview for Threat Intelligence Platforms – Craig Lawson, Rob McMillan, December 2014
#RSAC TIMOTHY LEE Chief Information Security Officer City of Los Angeles timothy.lee@lacity.org

More Related Content

PPTX
Security operation center (SOC)
byAhmed Ayman
 
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
PPTX
Security operation center
byMuthuKumaran267
 
PDF
How To Present Cyber Security To Senior Management Complete Deck
bySlideTeam
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PDF
Security operations center 5 security controls
byAlienVault
 
PDF
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
byPriyanka Aash
 
PPTX
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
Security operation center (SOC)
byAhmed Ayman
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
Security operation center
byMuthuKumaran267
 
How To Present Cyber Security To Senior Management Complete Deck
bySlideTeam
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
Security operations center 5 security controls
byAlienVault
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
byPriyanka Aash
 
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 

What's hot

PDF
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
bySlideTeam
 
PPTX
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
PPTX
Dragos S4x20: How to Build an OT Security Operations Center
byDragos, Inc.
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PDF
Governance of security operation centers
byBrencil Kaimba
 
PDF
Q radar architecture deep dive
byKamal Mouline
 
PDF
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
PDF
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
byIBM Security
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
PPTX
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
PPT
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
PPTX
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
PDF
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
PPTX
SOC Cyber Security
bySteppa Cyber Security
 
PPT
Secure code practices
byHina Rawal
 
PPTX
SOAR and SIEM.pptx
byAjit Wadhawan
 
PPTX
Soc
byMukesh Chaudhari
 
PDF
Strategy considerations for building a security operations center
byCMR WORLD TECH
 
PPTX
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
bySlideTeam
 
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
Dragos S4x20: How to Build an OT Security Operations Center
byDragos, Inc.
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
Governance of security operation centers
byBrencil Kaimba
 
Q radar architecture deep dive
byKamal Mouline
 
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
byIBM Security
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
SOC Cyber Security
bySteppa Cyber Security
 
Secure code practices
byHina Rawal
 
SOAR and SIEM.pptx
byAjit Wadhawan
 
Soc
byMukesh Chaudhari
 
Strategy considerations for building a security operations center
byCMR WORLD TECH
 
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 

Viewers also liked

PDF
Building a Cyber Security Operations Center for SCADA/ICS Environments
byShah Sheikh
 
PDF
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
byPriyanka Aash
 
PDF
Risk Analysis using open FAIR and Adoption of right Security Controls
byPriyanka Aash
 
PPTX
Practical Applications of Block Chain Technologies
byPriyanka Aash
 
PDF
Key Findings from the 2015 IBM Cyber Security Intelligence Index
byIBM Security
 
PDF
Security Program Development for the Hipster Company
byPriyanka Aash
 
PDF
State of Security Operations 2016 report of capabilities and maturity of cybe...
byat MicroFocus Italy ❖✔
 
PPTX
Top 10 tips for effective SOC/NOC collaboration or integration
bySridhar Karnam
 
PDF
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
byNorth Texas Chapter of the ISSA
 
PPTX
Keynote Session : NIST - Cyber Security Framework Measuring Security
byPriyanka Aash
 
PDF
Network Forensics and Practical Packet Analysis
byPriyanka Aash
 
PPTX
Gamification of your Global Information Security Operations Center - RSA 2015
byMorphick
 
PDF
AccelOps & SOC-NOC Convergence
byStephen Tsuchiyama
 
PDF
Le gouvernement électronique au Togo : Etat des lieux et prospectives
byEASY EGOV
 
PDF
Cyber Risk Management in 2017: Challenges & Recommendations
byUlf Mattsson
 
PDF
State of Cybersecurity: 2016 Findings and Implications
byPriyanka Aash
 
PDF
SOC Foundation
byMasoud Ostad
 
PDF
Partnership with a CFO: On the Front Line of Cybersecurity
byPriyanka Aash
 
PDF
Gov Day Austin Customer Presentation - Northrop Grumman Information Systems
bySplunk
 
PDF
Cybersecurity and The Board
byPaul Melson
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
byShah Sheikh
 
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
byPriyanka Aash
 
Risk Analysis using open FAIR and Adoption of right Security Controls
byPriyanka Aash
 
Practical Applications of Block Chain Technologies
byPriyanka Aash
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
byIBM Security
 
Security Program Development for the Hipster Company
byPriyanka Aash
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
byat MicroFocus Italy ❖✔
 
Top 10 tips for effective SOC/NOC collaboration or integration
bySridhar Karnam
 
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
byNorth Texas Chapter of the ISSA
 
Keynote Session : NIST - Cyber Security Framework Measuring Security
byPriyanka Aash
 
Network Forensics and Practical Packet Analysis
byPriyanka Aash
 
Gamification of your Global Information Security Operations Center - RSA 2015
byMorphick
 
AccelOps & SOC-NOC Convergence
byStephen Tsuchiyama
 
Le gouvernement électronique au Togo : Etat des lieux et prospectives
byEASY EGOV
 
Cyber Risk Management in 2017: Challenges & Recommendations
byUlf Mattsson
 
State of Cybersecurity: 2016 Findings and Implications
byPriyanka Aash
 
SOC Foundation
byMasoud Ostad
 
Partnership with a CFO: On the Front Line of Cybersecurity
byPriyanka Aash
 
Gov Day Austin Customer Presentation - Northrop Grumman Information Systems
bySplunk
 
Cybersecurity and The Board
byPaul Melson
 

Similar to Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration

PDF
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
PPTX
SOC and SIEM.pptx
bySandeshUprety4
 
PDF
Briefing the board lessons learned from cisos and directors
byPriyanka Aash
 
PPTX
Ten Tenets of CISO Success
byFrank Kim
 
PDF
For Critical Infrastructure Protection
byPriyanka Aash
 
PDF
Insights from-NSAs-cybersecurity-threat-operations-center
byPriyanka Aash
 
PPTX
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptx
bymohamadchiri
 
PDF
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
PDF
Keeping Up with the Adversary: Creating a Threat-Based Cyber Team
byPriyanka Aash
 
DOCX
Cyber Intelligence Operations Center
byBill Ross
 
PDF
Making Threat Intelligence Actionable Final
byPriyanka Aash
 
PPTX
Threat intelligence in security
byOsama Ellahi
 
PDF
Applied cognitive security complementing the security analyst
byPriyanka Aash
 
PDF
Threat intel- -content-curation-organizing-the-path-to-successful-detection
byPriyanka Aash
 
PDF
str-w04_next-wave-of-security-operationalization
bypeter lam
 
PDF
Intelligence-Led Security: Powering the Future of Cyber Defense
byPriyanka Aash
 
PDF
Make IR Effective with Risk Evaluation and Reporting
byPriyanka Aash
 
PDF
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
byPriyanka Aash
 
PDF
Threat Intelligence Is Like Three Day Potty Training
byPriyanka Aash
 
PDF
No more security empires - The ciso as an individual contributor
byPriyanka Aash
 
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
SOC and SIEM.pptx
bySandeshUprety4
 
Briefing the board lessons learned from cisos and directors
byPriyanka Aash
 
Ten Tenets of CISO Success
byFrank Kim
 
For Critical Infrastructure Protection
byPriyanka Aash
 
Insights from-NSAs-cybersecurity-threat-operations-center
byPriyanka Aash
 
Shah Sheik Building a CSoC v1.2 DEFCAMP.pptx
bymohamadchiri
 
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
Keeping Up with the Adversary: Creating a Threat-Based Cyber Team
byPriyanka Aash
 
Cyber Intelligence Operations Center
byBill Ross
 
Making Threat Intelligence Actionable Final
byPriyanka Aash
 
Threat intelligence in security
byOsama Ellahi
 
Applied cognitive security complementing the security analyst
byPriyanka Aash
 
Threat intel- -content-curation-organizing-the-path-to-successful-detection
byPriyanka Aash
 
str-w04_next-wave-of-security-operationalization
bypeter lam
 
Intelligence-Led Security: Powering the Future of Cyber Defense
byPriyanka Aash
 
Make IR Effective with Risk Evaluation and Reporting
byPriyanka Aash
 
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
byPriyanka Aash
 
Threat Intelligence Is Like Three Day Potty Training
byPriyanka Aash
 
No more security empires - The ciso as an individual contributor
byPriyanka Aash
 

More from Priyanka Aash

PDF
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 

Recently uploaded

PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
The year in review - MarvelClient in 2025
bypanagenda
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
AI Technology important knowledge ......
byutkarshj2007
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 

Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration

  • 1.
    SESSION ID: #RSAC TIMOTHY LEE INTEGRATEDSECURITY OPERATIONS CENTER (ISOC) FOR CYBERSECURITY COLLABORATION STR-F03 CHIEF INFO SECURITY OFFICER CITY OF LOS ANGELES
  • 2.
    #RSAC Background – Cityof Los Angeles 2 4 Million people, 465 sq mi, 15 Council District 2nd largest city in US Employment: 1.81 million Annual visitors: 42.21 Million 43 departments, 35,000 FTE Port of LA, Airport, Water and Power (3 Proprietary Departments) managing their own networks Information Technology Agency (ITA) manages the rest
  • 3.
    #RSAC Mayor’s Executive Directiveon Cybersecurity 3 “I’m creating this Cyber Intrusion Command Center (CICC) so that we have a single, focused team responsible for implementing enhanced security standards across city departments and serving as a rapid reaction force to cyber-attacks,” Mayor Eric Garcetti
  • 4.
    #RSAC Business Challenge 4 IT SecurityTeam is understaffed Dispersed log capturing capabilities Minimal use of collaboration tools Lack of Incident Management platform No integrated threat intelligence program Limited situation awareness (SA) and operational metrics for City as a whole Imbalance in Detection and Response capability “Siloed” SOCs/NOCs
  • 5.
  • 6.
    #RSAC Know yourself, Knowthe enemy 6 “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” ― Sun Tzu, The Art of War
  • 7.
    #RSAC Know yourself, Knowyour Enemy 7 Know Enemy Threat Intelligence (TI) Know Yourself Situation Awareness (SA)
  • 8.
    #RSAC Integrated Security OperationsCenter 8 Situation Awareness (SA) Threat Intelligence Program (TIP) Integrated Security Operations Center (ISOC)
  • 9.
  • 10.
    #RSAC What is SituationAwareness ? 10 Situation Awareness (SA) is the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. Mica Endsley, 1988
  • 11.
    #RSAC Endsley SA Model 11 SituationAwareness Level 1 Perception Level 2 Comprehension Level 3 Projection Decision ActionState Of The Environment
  • 12.
    #RSAC Situation Awareness 12 PERCEPTION •Log Collection •ThreatIntel Feeds •SOC Incident Feeds •Security Posture Dashboard COMPREHENSION •Event Correlation and Analysis •Threat Intelligence Analysis PROJETION •Pattern Matching •Threat Forecast
  • 13.
    #RSAC What Is ThreatIntelligence (TI)? 13 Centre for the Protection of National Infrastructure cpni.gov.uk
  • 14.
    #RSAC What is ThreatIntelligence? 14 Specific Meaningful Actionable Relevant Timely
  • 15.
    #RSAC Threat Intelligence Sharing 15 Internal– SOCs, NOCs, Sysadmins, CIRTs External – Trusted partners, Law Enforcements, Vendors Standards – IODEF, YARA, OpenIOC, IF-MAP, STIX, TAXII, VERIS, CyBOX, TLP, OTX, CIF etc.
  • 16.
    #RSAC City of LosAngeles Integrated Security Operations Center 16
  • 17.
    #RSAC Security Operations Center(SOC) 17 Staff Tools & Technology Facility Processes & Procedures SOC
  • 18.
    #RSAC Integrated Security OperationsCenter (ISOC) 18 Threat Intelligence Services FBI Cyberhood MS-ISAC DHS/USSS SOCs SIEM NOCs Logs Access Control Fire Alarms HVAC SCADA Video Situational Awareness Threat Intelligence Internal External Information Security Physical Security City Of LA Integrated SOC Report RespondCollect Collaborate
  • 19.
    #RSAC ISOC Components 19 ISOC SITUATIONAWARENESS  Operational Framework  SOC Integration  ISOC Access Control  Security Posture Dashboard  Threat Level Indicator  ISOC On-boarding Requirements
  • 20.
    #RSAC ISOC Components 20 Threat IntelligencePortal (TIP)  Data Collection (Structured, Unstructured)  Data Sharing and Dissemination (Internal, External)  Data Integration  Classification  Alert Correlation  Access Control  Threat Map / Dashboard
  • 21.
    #RSAC ISOC Components 21 Facility Designand Build Display Wall Display Wall Controller Consoles ISOC Dashboard Profiles
  • 22.
    #RSAC City of LosAngeles Integrated Security Operations Center 22
  • 23.
    #RSAC Awards 23 CENTER FOR DIGITALGOVERNMENT’S 2015 CYBERSECURITY LEADERSHIP AND INNOVATION AWARD PUBLIC TECHNOLOGY INSTITUTE 2016 TECHNOLOGY SOLUTIONS AWARD
  • 24.
    #RSAC References 25 Security Operation CenterConcepts & Implementation – Renaud Bidou Building An Intelligence Driven Security Operations Center – RSA Technical Brief, June 2014 Toward a Theory of Situation Awareness in Dynamic Systems – Mica R. Endsley, 1995 Technology Overview for Threat Intelligence Platforms – Craig Lawson, Rob McMillan, December 2014
  • 25.
    #RSAC TIMOTHY LEE Chief InformationSecurity Officer City of Los Angeles timothy.lee@lacity.org