1 © Copyright 2014 EMC Corporation. All rights reserved.
Best Practices to Improve Breach Readiness
Dr. Robert W. Griffin, Chief Security Architect, RSA, the Security Division of EMC
http://blog.emc2.de/trust-security
@RobtWesGriffin
Security Breaches today
Source: 2013 Information Breaches Survey, PwC
Organisation and Cost of Breaches
Source: 2013 Information Breaches Survey, PwC
Security Incidents are Going Unnoticed
– Lack of staff
– Too many false positive responses
– Too many manual processes
– Too many non-integrated tools
– Security attacks are sophisticated
* ESG White Paper – “The Big Data Security Analytics is Here”, January 2014
Taking Charge of Security
– Organisations taking responsibility
– Conducting assessments of business risk
– Most breaches result from stumbling on basics:
  – Neglecting basic security hygiene
  – Relying only on threat prevention and detection
  – Mistaking compliance for security
  – Inadequate user training
What is the right level of Security?
– The organisation’s risk and requirements
– Value of information assets
– Risks and threats the organisation can expect to face
– Prevailing security practices among the organisation’s peers
People
– Infrequent/irrelevant user training
– Inadequate security staff
– Team roles and responsibilities not defined
Process
– Poor patch management
– Ad hoc incident response, no well-defined processes
– Responding to fire drills – no time to improve from lessons learned
Technology
– No central monitoring or alerting
– Poor incident response and workflow
– Insufficient tools for forensics
– No threat intelligence collection or analysis
Trust Imperatives
– Resilience
– Transparency
– Relevance
Best Practices for Breach Readiness - 1
Conduct on-going, all-inclusive Risk Assessments
– Facilities and suppliers
– How you sell your goods and services
– Channel partners
– Global coverage
– Annually, and baked into new services
Best Practices for Breach Readiness - 2
Locate and track High Value Digital Assets
– What are they?
– Where are they?
– Who has access to them?
– Who in the business owns the risk?
– How can the risk be managed?
Best Practices for Breach Readiness - 3
Model Threats and Vulnerabilities
– Start with threat modelling
– Collaborative and multi-disciplinary
– Think like an attacker!
– Forensic evaluations of previous threats
Best Practices for Breach Readiness - 4
Master Change Management
– Not an administrative tick box
– Must be part of project management
– Qualify and quantify risk to stakeholders
– Identify and document dependencies
Best Practices for Breach Readiness - 5
Integrated Security – Bring together Process + Technology + People
[Diagram labels: Process, Technology, People, Incident Response]
[Diagram: Readiness, Response & Resilience (R3) security operations architecture. Recoverable labels, by layer:]
– Single UI; Incident Management & Reporting; Visibility
– Security Architecture Team; IT Team (Device Administration; Data Warehouse & Ticketing System)
– Workflow & Automation; Rules, Alerts & Reports
– Threat Triage: Level 1 Triage, Level 2 Triage, Level 3 Triage; Analytic Intelligence; Content Intelligence; Expertise
– Threat Intelligence
– Controls: A/V; IDS/IPS; Firewall/VPN; Proxy; Packets; Host; File; DLP
– Alerts: SIEM Log Alerts; DLP Alerts; Signature-less Alerts
– Context: Business Context, Risk Context, Threat Context (labels: Line of Business Owner, Policy; Assessments, Criticality, Vulnerability; Subscriptions, Community, Open Source)
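Added example, not code from the slides or from RSA: a small Python triage router showing how the Context and Threat Intelligence layers on the slide enrich raw control alerts (SIEM, DLP, signature-less) before they are routed to Level 1/2/3 triage. The asset inventory, intel indicator, alerts, weights and thresholds are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed asset inventory (slide 14: what the assets are, who owns the risk).
ASSETS = {
    "db-payments-01":   {"owner": "Finance",   "criticality": 5, "known_vulns": 2},
    "web-marketing-03": {"owner": "Marketing", "criticality": 2, "known_vulns": 0},
    "wks-hr-117":       {"owner": "HR",        "criticality": 3, "known_vulns": 1},
}
# Constructed threat-intel indicator (RFC 5737 documentation address, not a real IoC).
THREAT_INTEL = {"198.51.100.23"}

@dataclass
class Alert:
    source: str     # "siem", "dlp" or "signatureless", the alert types on the slide
    host: str       # asset the alert was raised on
    remote_ip: str  # peer address seen in the event

def enrich(alert: Alert) -> dict:
    """Attach business, risk and threat context; hosts missing from the inventory are flagged."""
    asset = ASSETS.get(alert.host, {"owner": "UNASSIGNED (not in inventory)", "criticality": 1, "known_vulns": 0})
    return {"alert": alert, "intel_hit": alert.remote_ip in THREAT_INTEL, **asset}

def score(ctx: dict) -> int:
    """Additive priority: criticality weighs most, then known vulnerabilities and intel matches."""
    return 2 * ctx["criticality"] + ctx["known_vulns"] + (4 if ctx["intel_hit"] else 0)

def triage_level(s: int) -> int:
    """Map a score to the Level 1/2/3 triage tiers on the slide (thresholds are constructed)."""
    return 3 if s >= 12 else 2 if s >= 7 else 1

def route(alerts: list) -> list:
    """Return (host, owner, score, level) tuples, highest priority first."""
    rows = []
    for a in alerts:
        ctx = enrich(a)
        s = score(ctx)
        rows.append((a.host, ctx["owner"], s, triage_level(s)))
    return sorted(rows, key=lambda r: r[2], reverse=True)

SAMPLE_ALERTS = [  # constructed alerts, one per source type plus an un-inventoried host
    Alert("siem", "db-payments-01", "198.51.100.23"),
    Alert("dlp", "wks-hr-117", "203.0.113.8"),
    Alert("signatureless", "web-marketing-03", "203.0.113.9"),
    Alert("siem", "unknown-host-7", "203.0.113.10"),
]

if __name__ == "__main__":
    for row in route(SAMPLE_ALERTS):
        print(row)
```

An alert on a host that is not in the inventory is itself a finding for the asset-tracking practice on slide 14, which is why the owner field is flagged rather than silently defaulted.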
Best Practices for Breach Readiness - 6
Build Security Staff
– Define roles and responsibilities
– Establish capabilities in four key areas:
  ▪ Cyber risk intelligence and cyber analytics
  ▪ Security data management
  ▪ Risk consultancy
  ▪ Controls design and assurance
– Response planning
Best Practices for Breach Readiness - 7
Invest in Threat Intelligence
[Diagram labels: Analysis, Metrics, Actions]
Best Practices for Breach Readiness - 8
Quantify Impact of Security Investments
– Model ‘what if’ scenarios
– Full costs: business, reputation and risk
– Deploying backup systems
– Prioritizing budget
“To ... not prepare is the greatest of crimes; to be prepared beforehand for any contingency is the greatest of virtues”
– Sun Tzu, The Art of War
Resources
Breach readiness
– http://www.emc.com/collateral/data-sheet/11814-acd-ds-breachreadiness.pdf
– http://www.otalliance.org/resources/incident/2014OTADataBreachGuide.pdf
Breach reports
– http://www.idtheftcenter.org/images/breach/ITRC_Breach_Report_2014.pdf
– http://www.pwc.co.uk/audit-assurance/publications/2013-information-security-breaches-survey.jhtml
Intelligence-driven security
– http://www.esg-global.com/blogs/esg-report-on-big-data-security-analytics/