Cybersecurity Game Planning for Success
•Download as PPTX, PDF•
1 like•485 views
Insights 2015 - Cybersecurity- Game Planning for Success
Recommended
Recommended
More Related Content
What's hot
What's hot (18)
Similar to Cybersecurity Game Planning for Success
Similar to Cybersecurity Game Planning for Success (20)
More from Windham Brannon
More from Windham Brannon (8)
Recently uploaded
Recently uploaded (20)
Cybersecurity Game Planning for Success
- 1. Cybersecurity Game Planning for Success John Dolan & Derrick Helms, CISSP
- 2. Agenda Developing a strategy for success
- 4. #WBInsights15#WBInsights15 Assess Plan assessments based on needs • Risk • Compliance Requirements • Vulnerability Assessments • Policy • Current security controls
- 5. #WBInsights15#WBInsights15 Plan, Design and Implement Plan and Design • Asset Patch Management • Written Information Security Policy • Security and Compliance/Incident Management Handbook • Multi-layer Approach • Roadmap Implement • Phased roll-out • Test group before organization
- 6. #WBInsights15#WBInsights15 Protect Protect in Layers based on Assets • Network Level • Host Level • User Level • Data in transit • Remote Access • BYOD – Smartphones/Tablets
- 7. #WBInsights15#WBInsights15 Detect and Remediate Detect • Do you know who is accessing your network? • Do you know who is accessing and changing files? • Do you know when you users are logging in and out? From Where? Remediate • What are you doing to remediate your findings? • Is there a action plan or incident management policy on what to do and a clear understanding of who is accountable for making sure it gets done?
- 8. #WBInsights15#WBInsights15 Report Define Key information – What is happening? • Systems • Software • Events • Users • Incidents • Web Activity • File Access
- 9. Thank you! utgsolutions.com John Dolan jdolan@utgsolutions.com 678-730-2793 Derrick Helms, CISSP dhelms@utgsolutions.com 678-730-2742
Editor's Notes
- Introduction to topic and emphasize that the same core principles are the same across all governing bodies.
- JD – Cover overview. Define what I need to do, deploy the needed stuff and then execute. DH –Introduce myself, 15 years, etc. What we do with current clients and who our clients are, Provide Security knowledge, vulnerability assessments, policy reform, etc. Co-Source IT and IT Security Security Staffing Numbers – Some say 1:20 and some say 1:100 to be effective. Understand where you fall and ask yourself is someone really being held accountable for security. Understand that it takes a process. Rome was not built in a day. There is not a finish line. We are not about to talk about a bullet proof vest.
- Importance of proper assessment. Risk - What are our risks? What type of data do we have? What is our exposure? What data are we worried about? Partner for what is trending in security. Compliance – Credit Card – PCI, Medical – HIPPA, Vulnerability Assessment – have you ran one? Internal and external, patching Policy- do you have a active police and procedure process Current Security Controls – understand what you have Understand what can hurt my business, maybe it is not data but operational cost.
- Asset Patch Management – understand your assets for Patch Management Written Information Security Policy – for the employees understand policy and covers your company from legal signoff Security and Compliance/Incident Management Handbook – how to manual when it comes to your security products and or how to handle security breaches/incidents/etc Multi-layer Approach - Network (IDS/IPS, host-based AV/HIDS and user level Content Filtering/Training/Endpoint Encryption) Roadmap - Rome wasn't built in a day. How will you close the gaps. Set realistic expectations Implement – Phased roll-out and Test Group before rolling out to organization
- Devise multi-layer approach. If you’re relying on a single layer of defense you are not protected. Alabama defense example. Network Level- (Firewalls on edge and internal/wireless, IPS/IDS Intrusion Prevention/Detection Systems) Host Level - (AV, Event Monitoring, Content Filtering, Hard Drive encryption, Patch Management) User Level (Training and Content Filtering) Cryptolocker – how to block Data in Transit - (Email Encryption, SSH for File Transmissions) Remote Access - (2factor Authentication) BYOD - Smartphones/Tablets (Email Encryption)
- Detect – This is your (IPS/IDS, SIEM, Log Management, etc) This use to be a Enterprise only. Not anymore. Prices have come down and requirements have went up. The detection piece is great but do you have the remediation and or action plan to follow when the detection occurs. Incident Management Plans. Remediation - We spend time to identify weakness but do not hold anyone accountable for remediation. Remediate – this is your Action plans, incident management, etc.
- Who is checking? Detect Patches – 88 % of attackers are on known vulnerabilities, 44% of those are on patch 2 years and older. What process or product is providing the information? Is there clear workflows and incident management plans on what to do with information you are getting back? Events, Users, Actions? Who is accountable for the results coming back and ensuring they are addressed? If someone has this as a secondary role then it will always take a back seat which is what usually gets us out of whack. That is where automated systems or monitoring pickup. The reporting piece of the proven process is to give you metrics of what is working and or what is not working in your security practice. Gives you a place to go back.
- Closing – Next steps – Gather your team whether it be in house or co sourced and devise a plan. Make sure you are accounting for availability of resources. Start Prioritizing threats and produce your move forward roadmap. Everyone is open for these attacks, big small, financial none financial. Internet means risk. No one wants to spend the Money. There is on direct ROI. It is like buying insurance. The risk is real, we decide to ignore or act on it. Put it on the budget. People have a tendency to shop on logic, purchase on emotion. The money spent in the end cost a lot more then it would up front. We have had customers that call us after the attack and is losing money by the hour. Cryptolocker being the main one. There are best practices to stop it but need it. Check with vendors on patches. Have you staff give you the reports on where you stand.