Security @UNB - a presentation to AtlSecCon
DESCRIPTION
My slide deck from the recent Atlantic Security Conference (AtlSecCon) in Halifax, Nova Scotia in April 2015.
TRANSCRIPT
![Page 1: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/1.jpg)
Security @ UNB
How UNB is using policy, practice and technology to enhance cyber security
![Page 2: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/2.jpg)
What are we here to talk about?
- UNB’s titanic cyber security struggle
- Using threat intelligence for both tactical and strategic decisions
- Moving away from playing a losing game of cyber security whack-a-mole
![Page 3: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/3.jpg)
My background
- Bachelor of Arts in Information and Communications Studies (‘05). Master of Business Administration (‘15)
- Former Canadian Army reservist (armoured vehicle driver & gunner)
- Former reporter for the provincial newspaper
- Former web content strategist for UNB Communications & Marketing
- Accidental IT Security professional and fortunate member of an amazing team
![Page 4: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/4.jpg)
The Security Action Team (SAT)
- Provides IT security leadership
- Formulates, implements and coordinates policies, plans and projects
- Incident response
- Advises on IT security resourcing, technologies and community education
![Page 5: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/5.jpg)
About UNB
- North America’s oldest English public university (Est. 1785)
- 11,000 students
- 2,000 FTE Faculty and Staff
- Hybrid IT environment (centralized and decentralized)
![Page 6: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/6.jpg)
In defence of “cybersecurity”
Officially, ISO/IEC 27032 addresses “Cybersecurity” or “Cyberspace security”, defined as the “preservation of confidentiality, integrity and availability of information in the Cyberspace”.
In turn “the Cyberspace” (complete with definite article) is defined as “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form”.
![Page 7: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/7.jpg)
![Page 8: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/8.jpg)
What I think we do:
![Page 9: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/9.jpg)
What clients think we do….
![Page 10: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/10.jpg)
Why are universities a target?
- We were designed to be open (we’re easy)
- We have a treasure trove of PII
- We have valuable intellectual property
- We have others’ valuable intellectual property
- We are a route into more secure orgs
![Page 11: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/11.jpg)
Our challenges
- We average between 83 and 55 attempts per second to breach our network (massively automated threats)
- We have more than 2.2 million security events daily on our network
- We have more than 500 offences weekly
- We have as many as 120 compromised endpoints a month (half of which are students)
- We are the ultimate BYOD environment
![Page 12: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/12.jpg)
The cost of a breach
- $184 on average per record in education, based on figures from a 2014 Ponemon Institute study
![Page 13: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/13.jpg)
Threat Intelligence Sources
- QRadar Security Intelligence Event Management (SIEM)
- Trend Micro Deep Discovery malware detection tool
- Kaspersky Anti-Virus Reporting System
- Government, industry contacts and listservs
- InfoSec news sources and social media
![Page 14: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/14.jpg)
Malware CNC CallBacks (30 days)
![Page 15: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/15.jpg)
Affected Hosts
![Page 16: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/16.jpg)
Threat Patterns
![Page 17: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/17.jpg)
Remote Intrusion Attempts Source
![Page 18: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/18.jpg)
Remote Intrusion Attempts Destination
![Page 19: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/19.jpg)
Security Offences
![Page 20: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/20.jpg)
Moving beyond tactical response
![Page 21: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/21.jpg)
UNB’s move to IT Risk Management
Day-to-day IT Operations
IT Security Operations
Threat Analysis, Policy & Procedure Development
IT Risk Management
Maturity
![Page 22: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/22.jpg)
Iterative improvement model
Risk Management
IT Operations
Security Operations
Threat Analysis
Policy & Procedure Development
![Page 23: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/23.jpg)
The Security Building Blocks
Operations Service Desk
Security Action Team
Communications:
Risk Management, Quality Assurance and Standards Development
![Page 24: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/24.jpg)
Service Desk
- Help Desk escalates threats to SAT
- Assists with user education
- Desktop Group helps harden end points and triage compromises
![Page 25: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/25.jpg)
Operations
- Systems and network monitoring, reporting of threats, ensuring patching and reporting policy or procedure compliance issues. Participates in incident response.
![Page 26: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/26.jpg)
Communications
- Assists with development and execution of user awareness and culture change campaigns
- Assists with developing and executing incident communications
![Page 27: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/27.jpg)
Security and Operations
- Operations: Trying to keep the lights on
- IT Security: ensuring compliance with protective measures
- Critical to avoid ineffective communications. Security and Operations groups in IT have different goals and in some cases cultures. Critical to ensure alignment with overall IT Strategy
![Page 28: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/28.jpg)
The cross-functional workflow
Client provides username and password in phishing attempt
Help Desk or Level One advises + assists client with safe password reset
IT Security initiates incident investigation
Operations staff engaged to assist with log review / access checks
UNB Privacy Officer engaged in event of a potential data breach
Client advised of investigation, encouraged to take awareness course
![Page 29: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/29.jpg)
What fighter jets in the Korean War can teach us about cybersecurity
![Page 30: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/30.jpg)
The OODA Loop
Observe
Orient
Decide
Act
OODA Cycle
![Page 31: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/31.jpg)
A harsh truth:
- Simply buying the latest and greatest big shiny security technology will not make your organization safer
- Strategy + Technology + Process + People = Success
![Page 32: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/32.jpg)
Security Strategy Pillars
Security Strategy
IT Security Policy
Data Governance
Security Architecture: Tools, People, Process
Culture Change: User Awareness + Behaviour Change
![Page 33: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/33.jpg)
Translating Cyber Security-ese to Business-ese
![Page 34: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/34.jpg)
Making the case
Where cybersecurity fits in Porter’s Value Chain
![Page 35: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/35.jpg)
The disconnect between threat awareness and concern about threats
![Page 36: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/36.jpg)
Do you believe your organization has an accurate picture on the threats it faces on a daily basis?
![Page 37: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/37.jpg)
61% weren’t sure or weren’t confident
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015.
![Page 38: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/38.jpg)
How concerned are you about an attack leading to a data breach?
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015. N = 40
![Page 39: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/39.jpg)
65% very concerned
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015. N = 34
![Page 40: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/40.jpg)
We need to change the cybersecurity story.
![Page 41: Security @UNB - a presentation to AtlSecCon](https://reader033.vdocuments.mx/reader033/viewer/2022050909/55cf8ed5550346703b9613ab/html5/thumbnails/41.jpg)
Questions?