Cyber Security Metrics
Dashboards & Analytics
Feb, 2014

Robert J. Michalsky
Principal, Cyber Security
NJVC, LLC Proprietary Data – UNCLASSIFIED
Agenda

• Healthcare Sector Threats
• Recent History
• Security Metrics
• Cyber Dashboards
• Components
• Visualization
• Analytics
• Risk Management
• Breach detection

www.njvc.com/healthcare-it

Healthcare Sector Threats

 Exploits – Wide Attack Profile
• Personal Health Information (PHI) breaches
• Medical Identity theft
• Medical device intrusions
• Insurance / Medicare / Medicaid fraud
• Supply Chain corruption
• Third party payment processor breaches
• Supplier networks / Insurance vendors
• Corruption of health records
• Public network access to records
• Web application break ins
• Account Takeovers

 Attack Methods – Varied and evolving
• Social Engineering
• Wireless Interception (Bluetooth)
• Spear phishing, e-mail spoofing
• Mobile device exploitation (BYOD)
• Links to infected websites
• Malware – keyloggers, trojans, worms, data sniffers etc.
• Spyware, Ransomware (CryptoLocker)
• Insider threat
• Man-in-the-middle attacks
• Zero Day Exploits
• Distributed Denial of Service (DDoS)
• Rainbow tables

Adversaries are always looking for “the weakest link”

Recent History

 32,500 patients of Cottage Health System in CA had personal and health information exposed on Google for 14 months (Oct 2012 – Dec 2013) – because of a Business Associate lapse in server protection
 Discovered via a voice mail message

 Hackers break into FDA servers used to submit proprietary and confidential information – Oct 2013
 Potential exposure: Drug manufacturing data, clinical trial data for 14,000 accounts

 Boston Convention Center Nov 2013
 American Public Health Association
 American Society of Human Genetics
• Credit card info stolen for over 21,000 attendees
• No data breach source identified

Goal of using security metrics?

1. Quantify data to facilitate insight
• People, process, technology
2. Mitigate existing vulnerabilities
 Unforeseen flaws in IT infrastructure or application software that can be exploited
 Evade security controls

Classes of Vulnerabilities (2013 Defense Science Board Report)
 Tier 1: Known vulnerabilities
 Tier 2: Unknown vulnerabilities (zero-day exploits)
 Tier 3: Adversary-created vulnerabilities (APT)

 Potential Categories
• Application Security
• Network infrastructure
• End Devices
• Operations
• Help Desk / Support
• End Users
• Servers

What makes a good metric?

 Consistent collection methodology
 Common definition – across an enterprise
 Standard of measurement – clear, not ambiguous
 Improves organization security posture
 Supports comparisons over time
 Enables comparison with peer companies
 Effort to collect consistent with results
 Enables decision making
 Supports forensics as needed
 Cheap / easy to collect

Toolset

• SIEM (Security Incident and Event Monitor)
• Raw data collection
• Collect into central repository
• NIST documents
• Special Publication (SP) 800-39 – Managing Info Security Risk
• SP 800-30 – Guide for Conducting Risk Assessments
• Threat Assessment Services
• Vulnerability Scanners

Sample Security Metrics Architecture (architecture diagram)

CYBER DASHBOARDS

Enable Complete Picture of Network Assets – Aggregation, Correlation

Situation
No enterprise view of the risk profile exists to enable a robust and resilient cyber defense posture

Solution
1. Gather and correlate existing data on systems
2. Identify complete set of IT assets
3. Store and display information in central location
Data is fused into a single picture of network devices based on inputs from multiple authoritative security and management sources
 Actionable Data – Enable the network operators and security analysts
 Provide data in near real time as well as trending data over time

Benefit
 Enables continuous monitoring
 Provides real time visualization of security posture of enterprise
 Reduces the time between detect and react
 Empowers incident prevention through anomalous behavior detection and trending analysis

Data Collection Components

• List of Devices
• Vulnerabilities by Name
• Vulnerabilities by Host
• Malware Threat List
• RSS Data Feeds
• Malware severity rating
• IP Addresses in use
• MAC Addresses in use
• Host Names
• Operating Systems
• Unauthorized software
• PHI timestamps

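The "Solution" steps on the Aggregation, Correlation slide (gather and correlate existing data, identify the complete set of IT assets, store it centrally) and the Data Collection Components list above describe a data-fusion step without showing it. The following is an added example, not code from the presentation or from NJVC: it joins three constructed feeds (an asset inventory keyed by MAC, a DHCP lease table mapping IP to MAC, and scanner and software-inventory output keyed by IP) into one record per device, and derives the "Vulnerabilities by Host", "Vulnerabilities by Name" and "Unauthorized software" views from that single picture. All feed contents, field names and the join-on-MAC design are assumptions made for the example.

```python
"""Fuse per-device data from several sources into one asset picture.

Added example, not NJVC's code. Every feed below is constructed sample
data. Records are joined on MAC address: the DHCP lease table maps each
in-use IP to a MAC, the asset inventory maps MAC to hostname and OS, and
the vulnerability scanner and software inventory report by IP.
"""
from collections import defaultdict

# Constructed: authoritative asset inventory, keyed by MAC address.
INVENTORY = {
    "00:11:22:33:44:01": {"host": "ehr-db-01", "os": "Linux"},
    "00:11:22:33:44:02": {"host": "nurse-ws-07", "os": "Windows 7"},
}

# Constructed: DHCP lease table, IP address -> MAC address.
DHCP_LEASES = {
    "10.0.1.10": "00:11:22:33:44:01",
    "10.0.1.57": "00:11:22:33:44:02",
    "10.0.1.99": "00:11:22:33:44:99",  # leased, but never registered in inventory
}

# Constructed: vulnerability scanner findings, reported by IP.
SCAN_RESULTS = [
    {"ip": "10.0.1.10", "vuln": "Outdated OpenSSL", "severity": 7.5},
    {"ip": "10.0.1.57", "vuln": "SMBv1 enabled", "severity": 8.1},
    {"ip": "10.0.1.57", "vuln": "Outdated browser plugin", "severity": 6.8},
    {"ip": "10.0.2.5", "vuln": "Default credentials", "severity": 9.8},  # no lease for this IP
]

# Constructed: installed-software inventory by IP, and the approved list.
SOFTWARE = {"10.0.1.57": ["Office", "BitTorrent client", "EHR client"]}
APPROVED_SOFTWARE = {"Office", "EHR client"}


def fuse_assets(inventory, leases, scans, software, approved):
    """Build one record per device (keyed by MAC) from all sources.

    Returns (devices, orphans): `orphans` lists scanner findings whose IP
    has no lease, so they cannot be attributed to a device and must be
    surfaced rather than silently dropped.
    """
    devices = {}
    for ip, mac in leases.items():
        known = inventory.get(mac)
        devices[mac] = {
            "ip": ip,
            "host": known["host"] if known else None,
            "os": known["os"] if known else None,
            "in_inventory": known is not None,
            "vulns": [],
            "max_severity": 0.0,
            "unauthorized_software": sorted(set(software.get(ip, [])) - approved),
        }
    orphans = []
    for finding in scans:
        mac = leases.get(finding["ip"])
        if mac is None:
            orphans.append(finding)
            continue
        device = devices[mac]
        device["vulns"].append(finding["vuln"])
        device["max_severity"] = max(device["max_severity"], finding["severity"])
    return devices, orphans


def vulnerabilities_by_host(devices):
    """Dashboard view: hostname (or MAC when unknown) -> vulnerability names."""
    return {d["host"] or mac: list(d["vulns"]) for mac, d in devices.items() if d["vulns"]}


def vulnerabilities_by_name(devices):
    """Dashboard view: vulnerability name -> hosts affected (same data, pivoted)."""
    by_name = defaultdict(list)
    for mac, d in devices.items():
        for vuln in d["vulns"]:
            by_name[vuln].append(d["host"] or mac)
    return dict(by_name)


def unknown_devices(devices):
    """Devices on the network (they hold a lease) that the inventory does not know."""
    return sorted(mac for mac, d in devices.items() if not d["in_inventory"])


def build_picture():
    """Run the fusion over the constructed feeds and return the derived views."""
    devices, orphans = fuse_assets(INVENTORY, DHCP_LEASES, SCAN_RESULTS, SOFTWARE, APPROVED_SOFTWARE)
    return {
        "devices": devices,
        "orphans": orphans,
        "by_host": vulnerabilities_by_host(devices),
        "by_name": vulnerabilities_by_name(devices),
        "unknown": unknown_devices(devices),
    }


if __name__ == "__main__":
    picture = build_picture()
    for mac, d in picture["devices"].items():
        print(mac, d["host"], d["ip"], "max severity", d["max_severity"], "vulns", d["vulns"])
    print("unknown devices:", picture["unknown"])
    print("unattributed scan findings:", [o["ip"] for o in picture["orphans"]])
```

Two design points matter for the "complete set of IT assets" goal: a device that holds a lease but is absent from the inventory is reported as unknown rather than dropped, and scanner findings that cannot be tied to any lease are returned separately so a gap in the lease feed shows up on the dashboard instead of hiding a critical finding.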
Cyber Dashboard

 Enterprise capable
• Configure sensors in environment as appropriate
• Accepts feeds from external sources
• Vendor neutral
 User focused
• Able to be tailored for each stakeholder
 Visual display of data feeds
 Automated device interrogation
• Periodic updates
 Display aggregation

Feed sources shown in the dashboard diagram: Geo-Location Data, Firewall Blocks – Sources, Firewall Blocks – IP Sources, Weather & News, Video Surveillance, Network Statistics, Server Utilization, WHOIS Drill Down GeoLocation, US CERT & Other Advisories

System Status & Performance at a Glance

 Evaluate configuration changes
 Perform root cause analysis
 Plan network enhancements
 Detect suspicious activity
 Process alerts
 Data exfiltration
 Resource performance thresholds
 Denial of Service attacks
 Mobile Device status
• Authorized apps installed
• Remote wipe capability
• Summary usage statistics

Cyber Dashboard - Event Analysis and Reporting

 The same data set can be viewed in multiple formats
 Different perspectives help tell the full story and readily aid in identifying appropriate response priorities
 One depiction will readily identify the most aggressive attackers
 Another view of the same data can be rendered to show geographic dispersion and density

ANALYTICS

Risk Management Methodology

 Start with Risk Matrix
 Define Unwanted Outcomes (UO)
• System breaches
• Data egress
• Unauthorized account access
• Malware intrusion
• Privilege escalations
• Patches out of date
• System downtime
• Unauthorized data alterations
• Network unavailability etc. etc.
 Map UO onto Matrix
 Look to reduce likelihood
• (Frequency of event)
 Look to reduce impact
• (Magnitude of harm)
 Quantify and create a mitigation for each risk

www.njvc.com/healthcare-it
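The methodology above (define Unwanted Outcomes, map them onto a likelihood × impact matrix, then reduce likelihood or impact with a mitigation for each risk) is shown below as an added worked example; it is not code from the presentation or from NJVC. The 1..5 scales, the rating thresholds, the inherent ratings given to the slide's UOs and the mitigation effects are all constructed assumptions; a real program would calibrate them against its own incident history.

```python
"""Risk-matrix scoring of Unwanted Outcomes (UO), with mitigations.

Added example, not NJVC's code. The scales, outcomes and mitigation
effects below are constructed for illustration. Likelihood is the
frequency of the event and impact the magnitude of harm, each on a 1..5
scale; the matrix cell score is their product.
"""
from dataclasses import dataclass

MIN_LEVEL, MAX_LEVEL = 1, 5


def band(score):
    """Map a cell score (1..25) to a qualitative rating. Thresholds are assumed."""
    if score >= 15:
        return "Critical"
    if score >= 10:
        return "High"
    if score >= 5:
        return "Medium"
    return "Low"


@dataclass(frozen=True)
class UnwantedOutcome:
    name: str
    likelihood: int  # frequency of event, 1 (rare) .. 5 (frequent)
    impact: int      # magnitude of harm, 1 (negligible) .. 5 (severe)
    mitigations: tuple = ()

    def __post_init__(self):
        for value in (self.likelihood, self.impact):
            if not MIN_LEVEL <= value <= MAX_LEVEL:
                raise ValueError(f"{self.name}: level {value} outside {MIN_LEVEL}..{MAX_LEVEL}")

    @property
    def score(self):
        return self.likelihood * self.impact

    @property
    def rating(self):
        return band(self.score)


@dataclass(frozen=True)
class Mitigation:
    """A control that lowers likelihood, impact or both by a number of levels."""
    name: str
    likelihood_reduction: int = 0
    impact_reduction: int = 0

    def apply(self, uo):
        """Return the residual UO; a level never drops below MIN_LEVEL."""
        return UnwantedOutcome(
            uo.name,
            max(MIN_LEVEL, uo.likelihood - self.likelihood_reduction),
            max(MIN_LEVEL, uo.impact - self.impact_reduction),
            uo.mitigations + (self.name,),
        )


def build_matrix(outcomes):
    """Map each UO onto the matrix: (likelihood, impact) -> names in that cell."""
    matrix = {}
    for uo in outcomes:
        matrix.setdefault((uo.likelihood, uo.impact), []).append(uo.name)
    return matrix


def rank(outcomes):
    """Highest score first, so the worst cell is mitigated first."""
    return sorted(outcomes, key=lambda uo: (-uo.score, uo.name))


# Constructed inherent ratings for some of the UOs named on the slide.
INHERENT = [
    UnwantedOutcome("Patches out of date", likelihood=5, impact=3),
    UnwantedOutcome("Malware intrusion", likelihood=4, impact=4),
    UnwantedOutcome("Data egress", likelihood=2, impact=5),
    UnwantedOutcome("Unauthorized account access", likelihood=3, impact=4),
    UnwantedOutcome("System downtime", likelihood=3, impact=2),
]

# Constructed mitigations: one reduces likelihood, the other reduces impact.
MITIGATIONS = {
    "Patches out of date": Mitigation("Automated patch deployment", likelihood_reduction=3),
    "Data egress": Mitigation("Data Loss Prevention (DLP)", impact_reduction=2),
}


def residual_outcomes(outcomes=INHERENT, mitigations=MITIGATIONS):
    """Apply each UO's mitigation (if it has one) and return the residual list."""
    return [mitigations[uo.name].apply(uo) if uo.name in mitigations else uo for uo in outcomes]


if __name__ == "__main__":
    for uo in rank(residual_outcomes()):
        print(f"{uo.name:30s} L={uo.likelihood} I={uo.impact} score={uo.score:2d} {uo.rating}")
```

Running it shows the two moves the slide names: patch automation lowers the likelihood of "Patches out of date" from Critical to Medium without touching impact, while DLP leaves the likelihood of "Data egress" unchanged but lowers the magnitude of harm. The matrix cell view (`build_matrix`) is what a dashboard would plot; the ranked list is what drives the mitigation order.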
Breach Detection

 Passive
 Active
 Unusual system behavior
 Log detection
• First time events
• Login failures
• Data replication
• Data movement
• DNS server configuration changes
• DNS query failures
• User privilege escalations
 Many vendor analysis tools exist – but sifting through Big Data – and uncovering threats at line speeds requires automation
 Human review of pre-filtered, pre-screened data.
 Needle in a haystack – need to point the analyst where to look…
 Aggregate volumes of data into a summary format
 Stop data egress once infiltration is identified (minimize damage even if you have been breached)
 Data Loss Prevention (DLP) products

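The log-detection bullets above name the signals but not the logic. The following is an added example, not code from the presentation or from NJVC: it runs four of those detections (first-time events, login failures, data movement, DNS server configuration changes) plus privilege escalation over a constructed event stream, then aggregates the raw findings into a per-user summary, which is the "pre-filtered, pre-screened" view the slide says an analyst should review. The log format (ISO timestamp followed by key=value fields), the event names, the baseline of known login sources and both thresholds are assumptions made for the example; map them onto whatever your SIEM actually emits.

```python
"""Log-based breach detection over a constructed event stream.

Added example, not NJVC's code. The log format, event names, baseline and
thresholds are assumptions for this example. Findings are reduced to a
per-user summary so a human reviewer knows where to look first.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log lines; one user, jsmith, shows a suspicious sequence.
LOG_LINES = [
    "2014-02-10T08:01:02 host=ehr-app-01 event=login user=jsmith src=10.0.1.57 result=ok",
    "2014-02-10T09:30:00 host=ehr-app-01 event=login user=mlee src=10.0.1.58 result=ok",
    "2014-02-10T23:14:05 host=ehr-app-01 event=login user=jsmith src=198.51.100.23 result=fail",
    "2014-02-10T23:14:09 host=ehr-app-01 event=login user=jsmith src=198.51.100.23 result=fail",
    "2014-02-10T23:14:12 host=ehr-app-01 event=login user=jsmith src=198.51.100.23 result=fail",
    "2014-02-10T23:15:40 host=ehr-app-01 event=login user=jsmith src=198.51.100.23 result=ok",
    "2014-02-10T23:16:01 host=ehr-app-01 event=priv_escalation user=jsmith target=root",
    "2014-02-10T23:20:33 host=dns-01 event=config_change user=jsmith service=dns",
    "2014-02-10T23:25:00 host=ehr-db-01 event=transfer user=jsmith dst=198.51.100.23 bytes=734003200",
]

# Constructed baseline: source addresses each user has logged in from before.
BASELINE_SOURCES = {"jsmith": {"10.0.1.57"}, "mlee": {"10.0.1.58"}}

FAIL_THRESHOLD = 3                # failed logins per user before alerting (assumed)
MOVEMENT_THRESHOLD = 500_000_000  # bytes in one transfer counted as "data movement" (assumed)

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split '<timestamp> k=v k=v ...' into a dict; the timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    event = dict(KV.findall(rest))
    event["ts"] = ts
    return event


def detect(lines, baseline, fail_threshold=FAIL_THRESHOLD, movement_threshold=MOVEMENT_THRESHOLD):
    """Return findings as (kind, user, detail, timestamp) tuples in log order."""
    findings = []
    failures = Counter()
    # Copy the baseline so detection never mutates the caller's data.
    seen_sources = defaultdict(set, {user: set(srcs) for user, srcs in baseline.items()})
    for ev in map(parse, lines):
        kind, user, ts = ev.get("event"), ev.get("user", "?"), ev["ts"]
        if kind == "login":
            src = ev.get("src", "?")
            if src not in seen_sources[user]:  # first-time event: new source for this user
                findings.append(("first_time_source", user, src, ts))
                seen_sources[user].add(src)
            if ev.get("result") == "fail":
                failures[user] += 1
                if failures[user] == fail_threshold:  # alert once, when the threshold is crossed
                    findings.append(("login_failures", user, src, ts))
        elif kind == "priv_escalation":
            findings.append(("privilege_escalation", user, ev.get("target", "?"), ts))
        elif kind == "config_change" and ev.get("service") == "dns":
            findings.append(("dns_config_change", user, ev.get("host", "?"), ts))
        elif kind == "transfer" and int(ev.get("bytes", 0)) >= movement_threshold:
            findings.append(("data_movement", user, ev.get("dst", "?"), ts))
    return findings


def summarize(findings):
    """Aggregate raw findings into user -> {kind: count}: the pre-screened view for a human."""
    summary = defaultdict(Counter)
    for kind, user, _detail, _ts in findings:
        summary[user][kind] += 1
    return {user: dict(counts) for user, counts in summary.items()}


def run(lines=LOG_LINES, baseline=BASELINE_SOURCES):
    """Detect over the constructed stream and return (findings, summary)."""
    findings = detect(lines, baseline)
    return findings, summarize(findings)


if __name__ == "__main__":
    findings, summary = run()
    for finding in findings:
        print(finding)
    print(summary)
```

The summary is what turns the "needle in a haystack" into a pointer: a single user accumulating a new source, a burst of failures, an escalation, a DNS configuration change and a large outbound transfer within minutes is the sequence an analyst should open first, and the same per-user counts are the data a dashboard would render. In production the thresholds and the baseline would come from the SIEM's own history rather than constants.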
Cybersecurity Analytics Service (service overview diagram)

Moving to Continuous Diagnostics and Mitigation

Components shown in the diagram: Analytics, External Reporting, Cyber Command, Cyber Dashboards, Internal Auditing, Establish Security Controls, DHS CyberScope

THANK YOU

QUESTIONS?
Robert.michalsky@njvc.com
Twitter: RobertMichalsky
NJVC cyber security blog posts: http://www.njvc.com/blog
White paper series on healthcare: http://www.njvc.com/resourcecenter/white-papers-and-case-studies
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Monitoring

5. Goal of using security metrics?
1. Quantify data to facilitate insight
   People, process, technology
2. Mitigate existing vulnerabilities
   Unforeseen flaws in IT infrastructure or application software that can be exploited
   Evade security controls

Classes of Vulnerabilities (2013 Defense Science Board Report)
 Tier 1: Known vulnerabilities
 Tier 2: Unknown vulnerabilities (zero-day exploits)
 Tier 3: Adversary-created vulnerabilities (APT)

Potential Categories
 Application Security
 Network infrastructure
 End Devices
 Operations
 Help Desk / Support
 End Users
 Servers
6. What makes a good metric?
 Consistent collection methodology
 Common definition – across an enterprise
 Standard of measurement – clear, not ambiguous
 Improves organization security posture
 Supports comparisons over time
 Enables comparison with peer companies
 Effort to collect consistent with results
 Enables decision making
 Supports forensics as needed
 Cheap / easy to collect
7. Toolset
• SIEM (Security Information and Event Management)
  • Raw data collection
  • Collect into central repository
• NIST documents
  • Special Publication (SP) 800-39: Managing Information Security Risk
  • SP 800-30: Guide for Conducting Risk Assessments
• Threat Assessment Services
• Vulnerability Scanners
8. Sample Security Metrics Architecture (diagram)
10. Enable Complete Picture of Network Assets – Aggregation, Correlation
Situation
 No enterprise view of the risk profile exists to enable a robust and resilient cyber defense posture
Solution
 1. Gather and correlate existing data on systems
 2. Identify complete set of IT assets
 3. Store and display information in central location
 Data is fused into a single picture of network devices based on inputs from multiple authoritative security and management sources
 Actionable Data – Enable the network operators and security analysts
 Provide data in near real time as well as trending data over time
Benefit
 Enables continuous monitoring
 Provides real time visualization of security posture of enterprise
 Reduces the time between detect and react
 Empowers incident prevention through anomalous behavior detection and trending analysis
11. Data Collection Components
 List of Devices
 Vulnerabilities by Name
 Vulnerabilities by Host
 Malware Threat List
 RSS Data Feeds
 Malware severity rating
 IP Addresses in use
 MAC Addresses in use
 Host Names
 Operating Systems
 Unauthorized software
 PHI timestamps
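Slides 10 and 11 describe fusing device, vulnerability and software data from several authoritative sources into one picture and rolling it up for the dashboard. The script below is an added example of that correlation step; it is not code from the deck or from NJVC. Every feed in it (discovery scan, CMDB register, vulnerability export, software inventory, authorized-software list) is constructed sample data with assumed field names, and the critical-severity cut-off of 7.0 is an assumption.

```python
"""Fuse asset records from several sources into one per-host picture and
roll that picture up into the counts a dashboard would display.

Added example, not code from the slide deck or from NJVC. Every feed below
is a constructed stand-in for a real export (discovery scan, CMDB,
vulnerability scanner, software inventory); field names are assumptions.
"""

# Constructed sample feeds, each keyed the way its source tool reports.
NETWORK_SCAN = [  # discovery scan: what is actually answering on the wire
    {"ip": "10.0.1.10", "mac": "00:1a:2b:3c:4d:10", "host": "ehr-db01", "os": "Windows Server"},
    {"ip": "10.0.1.11", "mac": "00:1a:2b:3c:4d:11", "host": "ehr-web01", "os": "Linux"},
    {"ip": "10.0.1.57", "mac": "00:1a:2b:3c:4d:57", "host": "", "os": "unknown"},
]
CMDB = {  # authoritative asset register: ip -> owning team
    "10.0.1.10": "DBA team",
    "10.0.1.11": "Web team",
    "10.0.1.12": "Imaging",  # registered, but absent from the scan
}
VULN_EXPORT = [  # vulnerability scanner findings with a 0-10 severity score
    {"ip": "10.0.1.10", "name": "missing OS security patches", "severity": 9.3},
    {"ip": "10.0.1.10", "name": "weak TLS cipher suites", "severity": 4.3},
    {"ip": "10.0.1.11", "name": "outdated web framework", "severity": 7.5},
    {"ip": "10.0.1.99", "name": "anonymous FTP enabled", "severity": 5.0},  # host not in scan
]
SOFTWARE_INVENTORY = [  # agent-reported installed packages
    {"ip": "10.0.1.10", "package": "sqlserver"},
    {"ip": "10.0.1.11", "package": "nginx"},
    {"ip": "10.0.1.11", "package": "torrent-client"},
]
AUTHORIZED_SOFTWARE = {"sqlserver", "nginx", "openssh"}


def fuse(scan, cmdb, vulns, software, authorized):
    """Return (assets, registered_not_seen, orphan_findings).

    assets maps ip -> one merged record. The discovery scan is the spine,
    because only it proves a device is really present. Findings for hosts the
    scan never saw are returned separately rather than silently dropped.
    """
    assets = {}
    for rec in scan:
        assets[rec["ip"]] = {
            "ip": rec["ip"], "mac": rec["mac"], "host": rec["host"] or None,
            "os": rec["os"], "owner": cmdb.get(rec["ip"]),
            "in_cmdb": rec["ip"] in cmdb,
            "vulns": [], "max_severity": 0.0, "unauthorized_software": [],
        }
    orphan_findings = []
    for v in vulns:
        asset = assets.get(v["ip"])
        if asset is None:
            orphan_findings.append(v)
            continue
        asset["vulns"].append(v["name"])
        asset["max_severity"] = max(asset["max_severity"], v["severity"])
    for s in software:
        asset = assets.get(s["ip"])
        if asset is not None and s["package"] not in authorized:
            asset["unauthorized_software"].append(s["package"])
    registered_not_seen = sorted(set(cmdb) - set(assets))
    return assets, registered_not_seen, orphan_findings


def rollup(assets, registered_not_seen, critical=7.0):
    """The dashboard numbers; each is a list of IPs so an analyst can drill down."""
    return {
        "hosts_seen": len(assets),
        "unregistered_hosts": sorted(ip for ip, a in assets.items() if not a["in_cmdb"]),
        "registered_not_seen": registered_not_seen,
        "hosts_with_critical_vulns": sorted(
            ip for ip, a in assets.items() if a["max_severity"] >= critical),
        "hosts_with_unauthorized_software": sorted(
            ip for ip, a in assets.items() if a["unauthorized_software"]),
    }


if __name__ == "__main__":
    assets, missing, orphans = fuse(NETWORK_SCAN, CMDB, VULN_EXPORT,
                                    SOFTWARE_INVENTORY, AUTHORIZED_SOFTWARE)
    for key, value in rollup(assets, missing).items():
        print(f"{key}: {value}")
    print("findings on hosts the scan did not see:", [o["ip"] for o in orphans])
```

The two mismatch lists are the metrics that matter most for "identify complete set of IT assets": a scanned host absent from the CMDB is an unmanaged device, and a registered host the scan cannot find is either offline or has moved. Both are cheap to compute once the feeds share a key (here the IP address; a MAC or hostname key is better where DHCP reassigns addresses).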
12. Cyber Dashboard
 Enterprise capable
 Configure sensors in environment as appropriate
 User focused
 Accepts feeds from external sources
 Vendor neutral
 Able to be tailored for each stakeholder
 Visual display of data feeds
 Automated device interrogation
 Periodic updates
 Display aggregation
Dashboard panels shown: Geo-Location Data, Firewall Blocks – Sources, Firewall Blocks – IP Sources, Weather & News, Video Surveillance, Network Statistics, Server Utilization, WHOIS Drill Down, US CERT & Other Advisories
13. System Status & Performance at a Glance
 Evaluate configuration changes
 Perform root cause analysis
 Plan network enhancements
 Detect suspicious activity
 Process alerts
 Data exfiltration
 Resource performance thresholds
 Denial of Service attacks
Mobile Device status
• Authorized apps installed
• Remote wipe capability
• Summary usage statistics
14. Cyber Dashboard - Event Analysis and Reporting
 The same data set can be viewed in multiple formats
 Different perspectives help tell the full story and readily aid in identifying appropriate response priorities
 One depiction will readily identify the most aggressive attackers
 Another view of the same data can be rendered to show geographic dispersion and density
16. Risk Management Methodology
 Start with Risk Matrix
 Define Unwanted Outcomes (UO)
  • System breaches
  • Data egress
  • Unauthorized account access
  • Malware intrusion
  • Privilege escalations
  • Patches out of date
  • System downtime
  • Unauthorized data alterations
  • Network unavailability
  • etc.
 Map UO onto Matrix
 Quantify and create a mitigation for each risk
 Look to reduce likelihood (Frequency of event)
 Look to reduce impact (Magnitude of harm)
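The slide gives the steps (define unwanted outcomes, map them onto the matrix, rank, then mitigate by reducing either frequency or magnitude) without showing a matrix. The script below walks those steps as an added example; it is not code from the deck or from NJVC. The 5x5 likelihood and impact scales, the band thresholds, the sample outcomes and the cell each is placed in are all assumptions chosen for illustration.

```python
"""Risk matrix walk-through: define unwanted outcomes, place each on a
likelihood x impact grid, rate it, then re-rate after a mitigation that
lowers one axis.

Added example, not code from the slide deck or from NJVC. The 5x5 scales,
the band thresholds, the sample outcomes and their cell placements are
assumptions chosen for illustration.
"""

LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Constructed unwanted outcomes (UO) and where each currently sits on the grid.
UNWANTED_OUTCOMES = {
    "PHI data egress": ("possible", "severe"),
    "Privilege escalation on EHR server": ("possible", "major"),
    "Patches out of date on internet-facing hosts": ("likely", "moderate"),
    "Network unavailability": ("unlikely", "major"),
}


def score(likelihood, impact):
    """Cell value = frequency rank x magnitude rank (1..25)."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def band(value):
    """Colour band for a cell value; the thresholds are an assumption."""
    if value >= 15:
        return "critical"
    if value >= 8:
        return "high"
    if value >= 4:
        return "medium"
    return "low"


def matrix_view(outcomes):
    """Map each UO onto its (likelihood rank, impact rank) cell."""
    grid = {}
    for name, (l, i) in outcomes.items():
        grid.setdefault((LIKELIHOOD[l], IMPACT[i]), []).append(name)
    return grid


def rank(outcomes):
    """Rows of (name, likelihood, impact, value, band), highest risk first."""
    rows = []
    for name, (l, i) in outcomes.items():
        value = score(l, i)
        rows.append((name, l, i, value, band(value)))
    return sorted(rows, key=lambda row: row[3], reverse=True)


def mitigate(outcomes, name, likelihood=None, impact=None):
    """Return a new UO table with one or both axes of `name` moved.

    A control that makes the event rarer (patching, MFA) lowers likelihood;
    one that limits the damage when it happens (encryption at rest, DLP,
    segmentation) lowers impact. The original table is left unchanged so
    before/after rankings can be compared.
    """
    cur_l, cur_i = outcomes[name]
    new = dict(outcomes)
    new[name] = (likelihood or cur_l, impact or cur_i)
    return new


if __name__ == "__main__":
    for row in rank(UNWANTED_OUTCOMES):
        print(row)
    after = mitigate(UNWANTED_OUTCOMES, "PHI data egress", impact="moderate")
    print("after an impact-reducing control:", rank(after)[0])
```

Re-ranking after each proposed control is the "quantify ... a mitigation for each risk" step: a control is worth funding when it moves an outcome out of its band, and comparing the two tables shows which outcome becomes the top risk once the first one is treated.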
17. Breach Detection
 Passive
 Active
 Unusual system behavior
 Log detection
  • First time events
  • Login failures
  • Data replication
  • Data movement
  • DNS server configuration changes
  • DNS query failures
  • User privilege escalations
 Many vendor analysis tools exist – but sifting through Big Data and uncovering threats at line speeds requires automation
 Human review of pre-filtered, pre-screened data
 Needle in a haystack – need to point the analyst where to look…
 Aggregate volumes of data into a summary format
 Stop data egress once infiltration is identified (minimize damage even if you have been breached)
 Data Loss Prevention (DLP) products
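The slide lists the log indicators worth screening for (first-time events, login failures, data movement, DNS configuration changes, privilege escalations) and the need to pre-filter them into a summary that points the analyst where to look. The script below is an added example of that pre-screening; it is not code from the deck or from NJVC. The log format, event names, the baseline of known user/host pairs, the admin allow-list and every threshold (5 failures in one minute, 500 MiB to a non-10.x destination) are assumptions, and the log lines are constructed.

```python
"""Screen constructed host logs for the 'unusual system behavior' indicators
on the slide and aggregate the hits so an analyst knows where to look.

Added example, not code from the slide deck or from NJVC. The log format,
event names, baselines and thresholds are assumptions; real sources (SIEM
exports, auth logs, proxy logs) would need their own parsers.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: ISO timestamp, host, EVENT, key=value fields.
SAMPLE_LOGS = """\
2014-02-10T09:00:01 ehr-web01 LOGIN_FAIL user=jsmith src=10.0.5.20
2014-02-10T09:00:04 ehr-web01 LOGIN_FAIL user=jsmith src=10.0.5.20
2014-02-10T09:00:07 ehr-web01 LOGIN_FAIL user=jsmith src=10.0.5.20
2014-02-10T09:00:09 ehr-web01 LOGIN_FAIL user=jsmith src=10.0.5.20
2014-02-10T09:00:12 ehr-web01 LOGIN_FAIL user=jsmith src=10.0.5.20
2014-02-10T09:00:15 ehr-web01 LOGIN_OK user=jsmith src=10.0.5.20
2014-02-10T09:03:40 ehr-db01 LOGIN_OK user=jsmith src=10.0.5.20
2014-02-10T09:04:02 ehr-db01 SUDO user=jsmith cmd=/bin/bash
2014-02-10T09:05:30 ehr-db01 DNS_CONFIG file=/etc/resolv.conf change=nameserver
2014-02-10T09:07:11 ehr-db01 TRANSFER user=jsmith dst=198.51.100.7 bytes=734003200
2014-02-10T09:10:00 ehr-web01 LOGIN_OK user=asmith src=10.0.5.31
"""

# Constructed baselines: (user, host) pairs seen during a learning period,
# and the accounts that are allowed to elevate privileges.
KNOWN_LOGINS = {("jsmith", "ehr-web01"), ("asmith", "ehr-web01")}
ADMINS = {"ops-admin"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>[A-Z_]+)(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """One log line -> dict, or None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": datetime.fromisoformat(m.group("ts")),
           "host": m.group("host"), "event": m.group("event")}
    rec.update(KV_RE.findall(m.group("kv")))
    return rec


def screen(lines, known_logins, admins, fail_threshold=5,
           window=timedelta(minutes=1), egress_bytes=500 * 2**20,
           internal_prefix="10."):
    """Return alerts as (rule, host, detail) tuples in log order."""
    alerts = []
    seen_logins = set(known_logins)          # copy so the baseline is not mutated
    fails = defaultdict(list)                # (user, src) -> recent failure times
    burst_fired = set()
    for rec in filter(None, map(parse_line, lines)):
        ev = rec["event"]
        if ev == "LOGIN_FAIL":
            key = (rec["user"], rec["src"])
            times = fails[key]
            times.append(rec["ts"])
            while times and rec["ts"] - times[0] > window:   # slide the window
                times.pop(0)
            if len(times) >= fail_threshold and key not in burst_fired:
                burst_fired.add(key)                         # alert once per burst
                alerts.append(("login_failure_burst", rec["host"],
                               f"{len(times)} failures for {key[0]} from {key[1]}"))
        elif ev == "LOGIN_OK":
            pair = (rec["user"], rec["host"])
            if pair not in seen_logins:                        # first-time event
                seen_logins.add(pair)
                alerts.append(("first_time_event", rec["host"],
                               f"first login of {rec['user']} on this host"))
        elif ev == "SUDO" and rec["user"] not in admins:
            alerts.append(("privilege_escalation", rec["host"],
                           f"{rec['user']} elevated: {rec['cmd']}"))
        elif ev == "DNS_CONFIG":
            alerts.append(("dns_config_change", rec["host"],
                           f"{rec['file']} {rec['change']}"))
        elif ev == "TRANSFER":
            if (not rec["dst"].startswith(internal_prefix)
                    and int(rec["bytes"]) >= egress_bytes):
                alerts.append(("data_movement", rec["host"],
                               f"{int(rec['bytes']) >> 20} MiB to {rec['dst']}"))
    return alerts


def summarize(alerts):
    """Aggregate for the dashboard: hits per rule and per host."""
    return {"by_rule": Counter(a[0] for a in alerts),
            "by_host": Counter(a[1] for a in alerts)}


if __name__ == "__main__":
    hits = screen(SAMPLE_LOGS.splitlines(), KNOWN_LOGINS, ADMINS)
    for rule, host, detail in hits:
        print(f"{rule:22} {host:10} {detail}")
    print(summarize(hits))
```

On the constructed sample the per-host summary puts four of the five hits on ehr-db01, which is the "point the analyst where to look" output: a first-time login followed within minutes by an elevation, a resolver change and a large outbound transfer on one host is a sequence worth a human's time even if each event alone would be noise. The data_movement rule is also the natural trigger for the "stop data egress" action on the slide, whether that is a DLP policy or a firewall block.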
19. Moving to Continuous Diagnostics and Mitigation
Diagram elements: Analytics, External Reporting, Cyber Command, Cyber Dashboards, Internal Auditing, Establish Security Controls, DHS CyberScope
20. THANK YOU – QUESTIONS?
Robert.michalsky@njvc.com
Twitter: RobertMichalsky
NJVC cyber security blog posts: http://www.njvc.com/blog
White paper series on healthcare: http://www.njvc.com/resourcecenter/white-papers-and-case-studies

Editor's Notes

  1. I may combine two screen caps into a single slide if it’ll render well.