Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Loss Prevention Strategy
1. Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Loss Prevention Strategy
Kevin McPeak, CISSP, ITILv3
Technical Architect, Security
Symantec Public Sector Strategic Programs
2014 Global CISO Forum
October 17, 2014
Atlanta, GA
2. Trends, News and What’s at Stake
• 64% of data loss caused by well-meaning insiders
• 50% of employees leave with data
• $5.4 million average cost of a breach
• Legal and compliance penalties
• A potential “black eye” for your company’s reputation
3. Definitions & Baseline
Definitions:
Thwart: [thwawrt] to successfully oppose; to frustrate; to baffle
Insider: [in-sahy-der] a person possessing information that’s not publically available
Threat: [thret] a menace or warning of probable trouble
Strategy: [strat-i-jee] a plan or method to reach a goal
Baseline for Understanding: Cyber Defense Modeling
Modeling on the C-I-A Triad: Confidentiality, Integrity, Availability
Integrity & Availability: Traditional “inbound” cyber defenses (anti-malware, system hardening, inbound web and inbound mail filtering, etc.)
Confidentiality: Data Loss Prevention for “outbound” defense
4. Historically Significant “Insider Threats”
The Ones You Likely Know….
Benedict Arnold, Julius & Ethel Rosenberg, Alger Hiss (still debated), Aldrich Ames, Robert Hanssen, Ana Montes, Bradley Manning, Edward Snowden, and unfortunately many others….
Some You May Not Know….
• John Surratt
• the Cambridge Five
• Abdel Khader Khan
Key Question: How many may be currently unknown because they are operating in the shadows undetected?
5. Data Loss Prevention Guidelines for Federal Agencies
NIST Special Pubs
SP 800-122: Protecting the Confidentiality of PII
SP 800-53R4: Security & Privacy Controls for Fed Info Systems & Organizations
(Take a special look at Appendix J, entitled "Privacy Control Catalog")
SP 800-144: Security & Privacy in Public Cloud Computing
SP 800-137: Continuous Monitoring for Fed Info Systems & Organizations
SP 800-128: Security-Focused Config Mgmt of Info Systems
SP 800-124R1: Managing the Security of Mobile Devices in the Enterprise
SP 800-88R1: Media Sanitization (Draft)
SP 800-157: Derived PIV Credentials
SP 800-79-2: Authorization of PIV Card Issuers & Derived PIV Credential Issuers (Draft)
SP 800-61R2: Computer Security Incident Handling
SP 800-60R1: Mapping Types of Info & Info Systems to Security Categories
6. NIST SP 800-144: Guidelines on Security & Privacy in Public Cloud Computing
This SP discusses the concept of "Value Concentration" in Section 4.7, where it says:
“A response to the question ‘Why do you rob banks?’ is often attributed to Willie Sutton, a historic and prolific bank robber. His purported answer was, ‘Because that is where the money is.’ In many ways, data records are the currency of the 21st century and cloud-based data stores are the bank vault, making them an increasingly preferred target due to the collective value concentrated there.”
“Just as economies of scale exist in robbing banks instead of individuals, a high payoff ratio also exists for successfully compromising a cloud.”
7. NIST SP 800-53R4: Security & Privacy Controls for Federal Information Systems & Organizations
8. Data Loss Prevention Strategy
Setting Goals
1: Safeguard the lives, safety, and reputation of your business by safeguarding your organization’s most sensitive data. Government agencies, corporations, and academic institutions can suffer an enormous reputation hit after even one embarrassing public disclosure
2: Discover sensitive data wherever it resides and identify those endpoints with the highest risk
3: Actively monitor the many ways sensitive data can be used on the endpoint and flag all abnormal activities
4: Utilize the most efficient and unobtrusive methods possible
9. Data Loss Prevention Strategy….. …..in Ten Easy Steps!
I: Identify the Appropriate Data Owners (Operating Units, Specialized Teams, Task Forces, Specific Individuals)
II: Locate All of the Places Where Sensitive Data Resides
III: Tag your Sensitive Data
IV: Monitor/Learn How Sensitive Data is Typically Used by Your Workforce
V: Determine Where Sensitive Data Goes
VI: Implement Automatic “Real-Time” Methods to Enforce Your CISO Approved Data Security Policies (Visibility, Remediation, Notification & Prevention)
VII: Educate Your Sys Admins as Well as Your End Users about Sensitive Data Security
VIII: De-escalate Excessive Sys Admin Privileges
IX: Wrap Additional Security Around Sensitive Data
X: Halt Data Leaks Before Spillage Occurs
10. Data Loss Prevention Strategy
I. Identify the Appropriate Data Owners
1: Identify the Appropriate Operating Units, Specialized Teams, Task Forces, Specific Individuals
2: Work with these Data Owners to further identify additional priority data types. This is an iterative process for risk reduction
II. Locate All of the Places Where Your Organization’s Sensitive Data Resides
1: Consider data at rest, data in use, data in motion, archived data, & encrypted data
2: Consider standard locations: network devices, storage, databases, file servers, web portals and other applications, laptops, e-mail servers (MTA or Proxy), PST files
3: Consider other locations: mobile devices, printers, scanners, fax machines, copiers, file sharing apps like Dropbox or Evernote, USB drives, CD/DVDs, paper copies, IM, "free" webmail services, university webmail for students & alumni, FTP puts
11. Data Loss Prevention Strategy
III. Tag your Sensitive Data
IV. Monitor & Learn How Sensitive Data is Typically Used and Typically Generated by Your Workforce
V. Determine Where Sensitive Data Goes
…. Don’t be Lookin' for Data in All the Wrong Places....
12. Data Loss Prevention Strategy
VI. Implement Automatic “Real-Time” Methods to Enforce Your CISO Approved Data Security Policies
Visibility: The first step is to understand where your data is stored & how it is used across your enterprise
Remediation: Once you’ve identified broken business processes & high-risk users, then you can improve processes, clean up misplaced data, & provide specialized training to high-risk users
Notification: Next, turn on automated e-mail & onscreen pop-up notifications to educate users about data loss policies - this alone can dramatically cut down the number of repeat offenses
Prevention: And lastly, stop users from accidentally or maliciously leaking information by quarantining, encrypting & blocking inappropriate outbound communications
13. Data Loss Prevention Strategy
VII. Educate Your Sys Admins as Well as Your End Users about Sensitive Data Security
1: Sys Admins may not realize CISO approved policies exist for certain data types
2: Sys Admins (as well as end users) may be more receptive than you would initially think…
VIII. De-escalate Excessive Sys Admin Privileges
1: Most Sys Admins don’t want admin rights beyond what they need to do their assigned job functions
2: Separation of duties is a cybersecurity best practice for thwarting the Sys Admin “Insider Threat”
14. Data Loss Prevention Strategy
IX. Wrap Additional Security Around Sensitive Data
1: The best Incident Response (IR) is for the incident to have been thwarted in the first place, long before it became an incident
2: Review your file permissions
3: Consider using additional encryption for sensitive data as part of your defense in depth posture
15. Data Loss Prevention Strategy
X. Halt Data Leaks Before Spillage Occurs
16. The Faces of your Data Loss Prevention Strategy
It’s about people: Well-meaning Insiders, Malicious Insiders, Malicious Outsiders
17. DLP is About People: Detection and Response
Betty G., Well Meaning Insider
Human Resources Specialist | Your Organization’s Admin Services Department
SITUATION: Sending PII data over e-mail
Problem: Betty is working on a spreadsheet that has multiple worksheet tabs within the overall workbook. PII resides on a different tab than the one that Betty is working on. Betty attempts to e-mail PII data without even knowing it.
Response: Content inspection & context for policy match as e-mail leaves server. Endpoint: DLP inspects the mail when user hits “send”.
Potential Actions: Monitor, notify user, encrypt or block. Endpoint: Display pop-up, justify, block e-mail, remove content.
Result: Help users understand and justify risk transparently. Block or encrypt data in some cases.
18. DLP is About People: Detection and Response
Sanjay V., Well Meaning Insider
Accountant | Finance Department
SITUATION: Copying sensitive data to removable storage devices
Problem: Sanjay is relatively new to the organization and although he completed security training, he is relying on methods that he used at his previous job. With no bad intent, he nonetheless copies sensitive financial data to removable media, thus violating your CISO’s policy.
Response: Endpoint analyzes content based on policies.
Potential Actions: Monitor. Record. Notify. Automatically encrypt files.
Result: Automatically encrypt content. Higher visibility into where data is going. Change user behavior.
19. DLP is About People: Detection and Response
Charles N., Well Meaning Insider
Special Agent | Your City’s Law Enforcement Agency
SITUATION: Discovering data spills and cleaning them up
Problem: Due to his mission’s extreme op tempo, Charles has been awake for over 24 hours. Prior to going off shift, he inadvertently stores a specific Interstate Joint Task Force’s sensitive data on an unprotected share.
Response: A scan finds the exposed data. Charles is identified as the file owner.
Potential Actions: Notify Charles. Encrypt the data. Move the file. Apply rights management policies.
Result: Secure your most sensitive assets – keep the malicious outsider from finding them.
20. DLP is About People: Detection and Response
Mimi L., Malicious Insider
Soon-to-be-Behind-Bars Chemical Engineer | Manufacturing Department
SITUATION: Attempting to copy classified data
Problem: Mimi has been compromised (industrial espionage or criminal intent motives). She attempts to share sensitive (perhaps even USG classified) data via e-mail or removable storage.
Response: Data Loss Prevention strategy has put tools in place to monitor desktop and network activity. Mimi is caught in the act.
Potential Actions: Notify (warn) the user of their actions. Inform manager, security and/or HR. Stop the transmission or copy. Contact Law Enforcement.
Result: Sensitive or even classified information doesn’t leave the appropriate accreditation boundary. Personnel know they are being monitored.
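As an added example that is not part of the deck, the following Python sketch turns the Visibility, Remediation, Notification, Prevention ladder of slide 12 and the endpoint scenarios of slides 17 through 20 into a small DLP decision engine: it inspects every part of a document (so PII on a hidden worksheet tab is still caught, as in Betty's case) and chooses actions by channel and by how far the program has matured. The regexes, channel names, phase names and action labels are assumptions chosen for illustration, not any product's policy language.

```python
import re

# Added example, not from the deck: a minimal DLP decision engine following the
# Visibility -> Remediation -> Notification -> Prevention ladder (slide 12) and
# the endpoint scenarios on slides 17-20. Patterns, channel names, phase names
# and action labels are assumptions chosen for illustration.

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")   # 13-16 digits, optional separators
PHASES = ("visibility", "remediation", "notification", "prevention")
# Prevention-phase action per channel: e-mail is encrypted (or blocked), a copy
# to removable media is encrypted, a file found on an open share is quarantined.
PREVENT = {"email": "encrypt_message", "removable_media": "encrypt_file",
           "file_share": "quarantine_and_apply_rights"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so a random run of digits is not reported as a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(parts: dict) -> dict:
    """Inspect every part of a document (each worksheet tab, each attachment),
    not only the one the user is looking at: this is Betty's hidden-tab case."""
    hits = {}
    for name, text in parts.items():
        found = SSN_RE.findall(text)
        found += [m for m in CARD_RE.findall(text) if luhn_ok(re.sub(r"\D", "", m))]
        if found:
            hits[name] = found
    return hits

def decide(channel: str, phase: str, parts: dict, classified: bool = False) -> list:
    """Ordered actions the DLP agent takes for one outbound event."""
    if classified:                        # Mimi's case: stop it and escalate
        return ["log", "notify_user", "block", "inform_manager_security_hr"]
    if not find_pii(parts):
        return ["allow"]
    actions = ["log"]                     # visibility phase: monitor and record only
    if PHASES.index(phase) >= PHASES.index("notification"):
        actions.append("notify_user")     # pop-up or e-mail; the user can justify
    if phase == "prevention":
        actions.append(PREVENT[channel])  # quarantine, encrypt or block
    return actions
```

Running the same workbook through the engine at each phase shows why the deck orders the phases as it does: the same policy match produces only a log entry during visibility and remediation, a user notification once notification is switched on, and an enforced encrypt or quarantine only in the prevention phase.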