North Texas Chapter of the ISSA, profile picture
Uploaded byNorth Texas Chapter of the ISSA
PPTX, PDF2,338 views

NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with People, Process & Technology by Robert L. Pace

The document details a presentation by Robert L. Pace at the North Texas ISSA Cyber Security Conference focused on leveraging big data to enhance information security through people, processes, and technology. It outlines the increasing number of cyber attacks and emphasizes the need for organizations to adopt big data techniques to improve security programs and decision-making. Key concepts discussed include the definitions of big data, the challenges faced in information security, and the importance of integrating various data sources for better risk management.

Internet
Related topics:
Information Security

Embed presentation

Downloaded 44 times
@NTXISSA Information Security Opportunity: Embracing Big Data with People, Process & Technology Robert L. Pace Senior Consultant Dell April 25, 2015
@NTXISSA 3Ps • Purpose • Discussion – “Security Opportunity – Embracing Big Data with People, Process & Technology • Process • Review of slide presentation & collaborative discussion • Product • Increased awareness for participants to begin and/or expand upon channels for utilizing Big Data to enhance their respective security programs via People, Process & Technology
@NTXISSA Robert L. Pace • Over 15 years in Information Security, working with various companies in different market verticals, both public and privately held. • Career at Dell began in 2012. I am responsible for delivering and managing a comprehensive Information Security Program for a major IT Outsourcing engagement for Dell. Work activity requires leadership of key IT Security governance processes, designing of security processes, enhancement of IT Security policies and analysis of escalated security threats for strategic countermeasures. • Certifications – CISSP; CISM; C|CISO; ITILv3; Six Sigma Green Belt • Education – Michigan State University – Bachelor of Science; Walsh College of Accountancy & Business Administration – Master of Science; Thunderbird Gavin International Institute – Executive Leadership Program • Contact – robert_pace@dell.com; (972) 577-5842
@NTXISSA Industry Data Cyber Attacks Continues
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 5 Data extracted from 2014 Global Report on the Cost of Cyber Crime, published by the Ponemon Institute No Decrease in Cyber Attacks “…..In our studies we look at 9 different attack vectors as the source of the cyber crime. This year, the benchmark sample of 257 organizations experienced 429 discernible cyber attacks or 1.6 attacks per company each week. The list below shows the number of successful attacks for the past three years, which has steadily increased.” • FY 2014, 429 attacks in 257 organizations or 1.7 successful attacks per company each week • FY 2013, 343 attacks in 234 organizations or 1.4 successful attacks per company each week • FY 2012, 262 attacks in 199 organizations or 1.3 successful attacks per company each week Types of Attacks Cost of Cyber Crime IT Security Spend Embracing Big Data – People, Process & Technology
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 6 Embracing Big Data – People, Process & Technology Available Data - Corp & Business Centric HR – Human Capital; Job Roles Supply Chain; Vendor Mgmt; Contracts;PMO Info Security Policies/Stds AV; Encryption; IDS/IPS; DB; Mainframe; MDM File Integrity; HIDS; NIDS; Content Filtering; FW; NAC; Scanning Actions; DLP; Identity Mgmt; Industry Trends Big Data View Collection of data from multiple sources in an effort to gain better intelligence Deliverable - IT Security Team Analyzes; Directs Remediation
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 7 Embracing Big Data – People, Process & Technology Source: Dell SecureWorks Threat Analysis Increasing Amount of Questions – Primary Driver for Embracing “BIG DATA”
@NTXISSA Sample Definitions of Big Data and Information Security
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 9 Embracing Big Data – People, Process & Technology •A new attitude by businesses, non-profits, government agencies, and individuals that combining data from multiple sources could lead to better decisions. •An all-encompassing term for any collection of data sets so large and complex that it becomes difficult to process them using traditional data processing applications. •Volume; Variety; Velocity; Variability; Veracity; Value Big Data •The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data •Cornerstone concepts in the variety of definitions – Confidentiality, Integrity & Availability Information Security
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 10 Embracing Big Data – People, Process & Technology
@NTXISSA Big Data NTX ISSA Cyber Security Conference – April 24-25, 2015 11 Embracing Big Data – People, Process & Technology Big Data • SIEM Data • Vulnerability Scanning • Application Scanning • Network Access Control • MDM/MAM Big Data • GRC Application • Asset Management (HW/SW) • Incident Management • Patch Management • Identity & Access Management Security Program Requires “Big Data” Coordination with Organizational Maturity & Data Governance
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 12 Embracing Big Data – People, Process & Technology People; PROCESS & Technology Leveraging the V’s of “Big Data” to Enhance Context of Risk Definition “IMPACT” X “PROBABILITY” = RISK Actionable Information “VALUE” Monitoring & Logging Incident Management Asset Mgmt Organizational Infusion Threat Intelligence Dynamic Reporting Emergence of Security Business Intelligence - SBI
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 13 Embracing Big Data – People, Process & Technology People; Process & TECHNOLOGY Technology • Leveraging technologies used by Marketing & Advertisers • NoSQL, Hadoop, MapReduce, etc. • Accustomed to working with Petabytes, Adaptable Structure & Automation Yielding Increased Security Posture Big Data • GRC Application • Asset Management (HW/SW) • Incident Management • Patch Management • SIEM Data • Identity & Access Management • Vulnerability Scanning • Application Scanning • Wireless Detection Scanning • Security Awareness Training
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 14 Embracing Big Data – People, Process & Technology http://www.dataversity.net/big-data-demystified-market-analysis-and-business-potential/ Internet of Things • All Market Segments Contributing Marketing & Advertising • Deeper Understanding of “Big Data” • Centered on Yielding Business Objectives Diverseness of Landscape & Expected Volumes To Increase Exponentially
@NTXISSA Industry Views ofBig Data and Information Security
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 16 Embracing Big Data – People, Process & Technology • Presentation at RSA Conference 2014 on Big Data • Term Security Business Intelligence floated as new type of analysis needed • Structure of heavy duty processor to effectively process the data in a timely manner View of what Intel is considering ~ SBI centered on protection of their “ Intellectual Property”
@NTXISSA Challenges, Risks & Transformation
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 18 Embracing Big Data – People, Process & Technology Advertising & Marketing Techniques • Understand data mining • Enormous capacities Creative Thinking • There is “no-box” • Agile and Adaptable to the situation…. • More self-healing controls Data Structures • Large collection, unbounded • Schema on “Write” vs on the “Read” New Talent Level • Heavy analytic skills • Data Miners with Big Data Certifications • Will learn Information Security….not core skill Information Security Transformation... “Radical Thinking” Potential Challenges & Risks for SBI and Big Data PEOPLE; Process & Technology
@NTXISSANTX ISSA Cyber Security Conference – April 24-25, 2015 19 Embracing Big Data – People, Process & Technology Questions
@NTXISSA@NTXISSA The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) NTX ISSA Cyber Security Conference – April 24-25, 2015 20 Thank you

More Related Content

PPTX
NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ...
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - Why Lead with Risk? by Doug Landoll
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - The Evolving DMZ by John Fehan
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - Software Assurance (SwA) by John Whited
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - Texas CISO Council - Information Security Program Essential Gui...
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ...
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Why Lead with Risk? by Doug Landoll
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - The Evolving DMZ by John Fehan
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Software Assurance (SwA) by John Whited
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Texas CISO Council - Information Security Program Essential Gui...
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
byNorth Texas Chapter of the ISSA
 

What's hot

PPTX
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
byNorth Texas Chapter of the ISSA
 
PDF
NTXISSACSC1 Conference - Security is Doomed by Jesse Lee
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
byNorth Texas Chapter of the ISSA
 
PPTX
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
byNorth Texas Chapter of the ISSA
 
PPTX
Tictaclabs Managed Cyber Security Services
byTicTac Data Recovery
 
PDF
Setting up CSIRT
byAPNIC
 
PDF
CSIRT_16_Jun
byCandan BOLUKBAS
 
PDF
Why Zero Trust Yields Maximum Security
byPriyanka Aash
 
PPT
Emerging Threats and Strategies of Defense
byAlert Logic
 
PDF
Next-Generation SIEM: Delivered from the Cloud
byAlert Logic
 
PDF
Secure Design: Threat Modeling
byNarudom Roongsiriwong, CISSP
 
PPTX
Ransomware: The Impact is Real
byNICSA
 
PDF
Top 5 Cloud Security Predictions for 2016
byAlert Logic
 
PDF
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
bycentralohioissa
 
PDF
Demystifying Security Analytics: Data, Methods, Use Cases
byPriyanka Aash
 
PDF
Journey to the Cloud: Securing Your AWS Applications - April 2015
byAlert Logic
 
PPT
Managed Cyber Security Services
byMichael Bowers
 
PDF
NTXISSACSC4 - How Not to Build a Trojan Horse
byNorth Texas Chapter of the ISSA
 
PDF
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
byBurton Lee
 
PDF
The State of Threat Detection 2019
byFidelis Cybersecurity
 
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
byNorth Texas Chapter of the ISSA
 
NTXISSACSC1 Conference - Security is Doomed by Jesse Lee
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
byNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
byNorth Texas Chapter of the ISSA
 
Tictaclabs Managed Cyber Security Services
byTicTac Data Recovery
 
Setting up CSIRT
byAPNIC
 
CSIRT_16_Jun
byCandan BOLUKBAS
 
Why Zero Trust Yields Maximum Security
byPriyanka Aash
 
Emerging Threats and Strategies of Defense
byAlert Logic
 
Next-Generation SIEM: Delivered from the Cloud
byAlert Logic
 
Secure Design: Threat Modeling
byNarudom Roongsiriwong, CISSP
 
Ransomware: The Impact is Real
byNICSA
 
Top 5 Cloud Security Predictions for 2016
byAlert Logic
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
bycentralohioissa
 
Demystifying Security Analytics: Data, Methods, Use Cases
byPriyanka Aash
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
byAlert Logic
 
Managed Cyber Security Services
byMichael Bowers
 
NTXISSACSC4 - How Not to Build a Trojan Horse
byNorth Texas Chapter of the ISSA
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
byBurton Lee
 
The State of Threat Detection 2019
byFidelis Cybersecurity
 

Similar to NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with People, Process & Technology by Robert L. Pace

PDF
Spo2 t17
bySelectedPresentations
 
PDF
Big Data for Security
byJoey Jablonski
 
PDF
El contexto de la integración masiva de datos
bySoftware Guru
 
PDF
Five_Big_Data_Security_Pitfalls
byLaris Orman
 
PDF
Big Data & Security Have Collided - What Are You Going to do About It?
byEMC
 
PDF
Kind of big data in info sec
byBen Finke
 
PDF
NTXISSACSC3 - Security at the Point of Storage by Todd Barton
byNorth Texas Chapter of the ISSA
 
PPTX
Bigdata
byAnuraj Anand
 
PPTX
Advanced threat protection and big data
byPeter Wood
 
PDF
The value of big data analytics
byMarc Vael
 
PDF
Isaca new delhi india - privacy and big data
byUlf Mattsson
 
PDF
Keith prabhu global high on cloud summit
byadministrator_confidis
 
PDF
Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...
byAccountor Russia and Ukraine
 
PPTX
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
by44CON
 
PPTX
Security Analytics Beyond Cyber
byPhil Huggins FBCS CITP
 
PPTX
The REAL Impact of Big Data on Privacy
byClaudiu Popa
 
PPTX
Using Big Data to Counteract Advanced Threats
byZivaro Inc
 
PDF
Steve Mills Senior Vice President and Group Executive IBM Software and Systems
byIBM India Smarter Computing
 
PDF
Industry Overview: Big Data Fuels Intelligence-Driven Security
byEMC
 
PDF
Enterprise Strategy Group: The Big Data Security Analytics Era is Here
byEMC
 
Spo2 t17
bySelectedPresentations
 
Big Data for Security
byJoey Jablonski
 
El contexto de la integración masiva de datos
bySoftware Guru
 
Five_Big_Data_Security_Pitfalls
byLaris Orman
 
Big Data & Security Have Collided - What Are You Going to do About It?
byEMC
 
Kind of big data in info sec
byBen Finke
 
NTXISSACSC3 - Security at the Point of Storage by Todd Barton
byNorth Texas Chapter of the ISSA
 
Bigdata
byAnuraj Anand
 
Advanced threat protection and big data
byPeter Wood
 
The value of big data analytics
byMarc Vael
 
Isaca new delhi india - privacy and big data
byUlf Mattsson
 
Keith prabhu global high on cloud summit
byadministrator_confidis
 
Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...
byAccountor Russia and Ukraine
 
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
by44CON
 
Security Analytics Beyond Cyber
byPhil Huggins FBCS CITP
 
The REAL Impact of Big Data on Privacy
byClaudiu Popa
 
Using Big Data to Counteract Advanced Threats
byZivaro Inc
 
Steve Mills Senior Vice President and Group Executive IBM Software and Systems
byIBM India Smarter Computing
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
byEMC
 
Enterprise Strategy Group: The Big Data Security Analytics Era is Here
byEMC
 

More from North Texas Chapter of the ISSA

PPTX
Purple seven-ntxissacsc5 walcutt
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 yellow 7 protecting the cloud with cep
byNorth Texas Chapter of the ISSA
 
PDF
Ntxissacsc5 gold 4 beyond detection and prevension remediation
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 gold 1 mimecast e mail resiliency
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
byNorth Texas Chapter of the ISSA
 
PDF
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
byNorth Texas Chapter of the ISSA
 
PDF
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 purple 5-insider threat-_andy_thompson
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
byNorth Texas Chapter of the ISSA
 
PDF
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
byNorth Texas Chapter of the ISSA
 
PPTX
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
byNorth Texas Chapter of the ISSA
 
Purple seven-ntxissacsc5 walcutt
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 7 protecting the cloud with cep
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 gold 4 beyond detection and prevension remediation
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 gold 1 mimecast e mail resiliency
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
byNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
byNorth Texas Chapter of the ISSA
 

NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with People, Process & Technology by Robert L. Pace

  • 1.
    @NTXISSA Information Security Opportunity: EmbracingBig Data with People, Process & Technology Robert L. Pace Senior Consultant Dell April 25, 2015
  • 2.
    @NTXISSA 3Ps • Purpose • Discussion– “Security Opportunity – Embracing Big Data with People, Process & Technology • Process • Review of slide presentation & collaborative discussion • Product • Increased awareness for participants to begin and/or expand upon channels for utilizing Big Data to enhance their respective security programs via People, Process & Technology
  • 3.
    @NTXISSA Robert L. Pace •Over 15 years in Information Security, working with various companies in different market verticals, both public and privately held. • Career at Dell began in 2012. I am responsible for delivering and managing a comprehensive Information Security Program for a major IT Outsourcing engagement for Dell. Work activity requires leadership of key IT Security governance processes, designing of security processes, enhancement of IT Security policies and analysis of escalated security threats for strategic countermeasures. • Certifications – CISSP; CISM; C|CISO; ITILv3; Six Sigma Green Belt • Education – Michigan State University – Bachelor of Science; Walsh College of Accountancy & Business Administration – Master of Science; Thunderbird Gavin International Institute – Executive Leadership Program • Contact – robert_pace@dell.com; (972) 577-5842
  • 4.
  • 5.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 5 Data extracted from 2014 Global Report on the Cost of Cyber Crime, published by the Ponemon Institute No Decrease in Cyber Attacks “…..In our studies we look at 9 different attack vectors as the source of the cyber crime. This year, the benchmark sample of 257 organizations experienced 429 discernible cyber attacks or 1.6 attacks per company each week. The list below shows the number of successful attacks for the past three years, which has steadily increased.” • FY 2014, 429 attacks in 257 organizations or 1.7 successful attacks per company each week • FY 2013, 343 attacks in 234 organizations or 1.4 successful attacks per company each week • FY 2012, 262 attacks in 199 organizations or 1.3 successful attacks per company each week Types of Attacks Cost of Cyber Crime IT Security Spend Embracing Big Data – People, Process & Technology
  • 6.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 6 Embracing Big Data – People, Process & Technology Available Data - Corp & Business Centric HR – Human Capital; Job Roles Supply Chain; Vendor Mgmt; Contracts;PMO Info Security Policies/Stds AV; Encryption; IDS/IPS; DB; Mainframe; MDM File Integrity; HIDS; NIDS; Content Filtering; FW; NAC; Scanning Actions; DLP; Identity Mgmt; Industry Trends Big Data View Collection of data from multiple sources in an effort to gain better intelligence Deliverable - IT Security Team Analyzes; Directs Remediation
  • 7.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 7 Embracing Big Data – People, Process & Technology Source: Dell SecureWorks Threat Analysis Increasing Amount of Questions – Primary Driver for Embracing “BIG DATA”
  • 8.
    @NTXISSA Sample Definitions ofBig Data and Information Security
  • 9.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 9 Embracing Big Data – People, Process & Technology •A new attitude by businesses, non-profits, government agencies, and individuals that combining data from multiple sources could lead to better decisions. •An all-encompassing term for any collection of data sets so large and complex that it becomes difficult to process them using traditional data processing applications. •Volume; Variety; Velocity; Variability; Veracity; Value Big Data •The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data •Cornerstone concepts in the variety of definitions – Confidentiality, Integrity & Availability Information Security
  • 10.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 10 Embracing Big Data – People, Process & Technology
  • 11.
    @NTXISSA Big Data NTX ISSA CyberSecurity Conference – April 24-25, 2015 11 Embracing Big Data – People, Process & Technology Big Data • SIEM Data • Vulnerability Scanning • Application Scanning • Network Access Control • MDM/MAM Big Data • GRC Application • Asset Management (HW/SW) • Incident Management • Patch Management • Identity & Access Management Security Program Requires “Big Data” Coordination with Organizational Maturity & Data Governance
  • 12.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 12 Embracing Big Data – People, Process & Technology People; PROCESS & Technology Leveraging the V’s of “Big Data” to Enhance Context of Risk Definition “IMPACT” X “PROBABILITY” = RISK Actionable Information “VALUE” Monitoring & Logging Incident Management Asset Mgmt Organizational Infusion Threat Intelligence Dynamic Reporting Emergence of Security Business Intelligence - SBI
  • 13.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 13 Embracing Big Data – People, Process & Technology People; Process & TECHNOLOGY Technology • Leveraging technologies used by Marketing & Advertisers • NoSQL, Hadoop, MapReduce, etc. • Accustomed to working with Petabytes, Adaptable Structure & Automation Yielding Increased Security Posture Big Data • GRC Application • Asset Management (HW/SW) • Incident Management • Patch Management • SIEM Data • Identity & Access Management • Vulnerability Scanning • Application Scanning • Wireless Detection Scanning • Security Awareness Training
  • 14.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 14 Embracing Big Data – People, Process & Technology http://www.dataversity.net/big-data-demystified-market-analysis-and-business-potential/ Internet of Things • All Market Segments Contributing Marketing & Advertising • Deeper Understanding of “Big Data” • Centered on Yielding Business Objectives Diverseness of Landscape & Expected Volumes To Increase Exponentially
  • 15.
    @NTXISSA Industry Views ofBig Dataand Information Security
  • 16.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 16 Embracing Big Data – People, Process & Technology • Presentation at RSA Conference 2014 on Big Data • Term Security Business Intelligence floated as new type of analysis needed • Structure of heavy duty processor to effectively process the data in a timely manner View of what Intel is considering ~ SBI centered on protection of their “ Intellectual Property”
  • 17.
  • 18.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 18 Embracing Big Data – People, Process & Technology Advertising & Marketing Techniques • Understand data mining • Enormous capacities Creative Thinking • There is “no-box” • Agile and Adaptable to the situation…. • More self-healing controls Data Structures • Large collection, unbounded • Schema on “Write” vs on the “Read” New Talent Level • Heavy analytic skills • Data Miners with Big Data Certifications • Will learn Information Security….not core skill Information Security Transformation... “Radical Thinking” Potential Challenges & Risks for SBI and Big Data PEOPLE; Process & Technology
  • 19.
    @NTXISSANTX ISSA CyberSecurity Conference – April 24-25, 2015 19 Embracing Big Data – People, Process & Technology Questions
  • 20.
    @NTXISSA@NTXISSA The Collin CollegeEngineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) NTX ISSA Cyber Security Conference – April 24-25, 2015 20 Thank you