
Data Protection Strategy

Data Protection Strategy. Bob Maley, CEO, Strategic CISO & former CISO, State of Pennsylvania. Cyber Protection Strategy: Tactical or strategic? Vendor driven or business driven? Reactive or proactive? StrategicCISO.com.


Presentation Transcript


  1. Data Protection Strategy • Bob Maley, CEO, Strategic CISO & former CISO, State of Pennsylvania

  2. Cyber Protection Strategy • Tactical or Strategic? • Vendor Driven or business driven • Reactive or proactive

  3. The trouble is that criminals seem to be able to stay one step ahead, and the law-abiding have to spend too much time trying to catch up • Nigel Phair, Cybercrime, The Reality of the Threat, page 178

  4. Securing Endpoints? • Data wants to be free • What are your endpoints? • Data classification • It’s what you don’t know you don’t know that gets you • Email • Business Processes • Data transfers

  5. It’s in the cloud already • Google • Amazon Web Services

  6. - CONFIDENTIAL - Security Trends – Current View • Security Information and Event Management • Alerts • Log Mgt • Event Correlation • Compliance Certification • Governance, Risk and Compliance • User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting • Point products: IDS, NAC, HIPS, WAF, DAM, Firewall, Net DLP, URL Filter, Anti-Virus, Anti-Spam, Config Audit, AV Gateway, DB Scanning, Product A, Product B, Product C, Endpoint DLP, Local Firewall, DB Encryption, Code Scanning, Full Disk Encryption, Patch Management, Penetration Testing, IAM / Single Sign-On, Vulnerability Scanning, Web App Scanning, [Other Point Products] • Endpoint Suites • Network UTM • Application Security • Vulnerability Management

  7. Scanning (web and/or network) products identify potential weaknesses • Data overload including false positives/negatives – not most critical threats • Does not prove exploitability, limited-view point solution, single vector • IT-GRC gathers information to aggregate and report • Mostly used for higher-level policy and governance with little “R” • SIEM aggregates real data, dash-boarding, drill-down, etc. • SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell you if your defenses are working • Operational data, not situational. Just incidents or log data from past events • Security Risk Mgmt is simulator/model • Correlates scanned, imported and entered data to infer highest risk vulnerabilities, doesn’t do actual testing • Network only and works on models vs. a real test of the security • DLP detects and prevents transmission of confidential information • To date, the critical challenge of how to provide insight into actual risks across multiple layers of infrastructure still remains!

  8. - CONFIDENTIAL - Security – Future View • IT Security Management Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee • Security Information and Event Management • Alerts • Log Mgt • Event Correlation • Compliance Certification • Comprehensive Security Test and Measurement • Verify and Validate Security Controls • Measure Real-world Threat Readiness • Measure Security Effectiveness • Governance, Risk and Compliance • User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting • Point products: IDS, NAC, HIPS, WAF, DAM, Firewall, Net DLP, URL Filter, Anti-Virus, Anti-Spam, Config Audit, AV Gateway, DB Scanning, Product A, Product B, Product C, Endpoint DLP, Local Firewall, DB Encryption, Code Scanning, Full Disk Encryption, Patch Management, Penetration Testing, IAM / Single Sign-On, Vulnerability Scanning, Web App Scanning, [Other Point Products] • Endpoint Suites • Network UTM • Application Security • Vulnerability Management

  9. Know your Strategy • Cyber Strategy Musings (WordPress) • The Key of Knowledge – Book 2 • The second area of knowledge in this key is “Knowing your environment”. • By Extension – Know Your Strategy

  10. Your Guide

  11. Key of Knowledge • What are your critical business assets? • Data / Asset Classification • You can’t protect everything • Focus on the most important assets

  12. Evaluate your existing controls • Anti-Virus and Firewalls are not enough

  13. Evaluate your existing controls • Compliance Checklists are not enough • Network Solutions was PCI compliant before breach • Angela Moscaritolo, July 27, 2009 • Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information. • http://www.scmagazineus.com/network-solutions-was-pci-compliant-before-breach/article/140642/

  14. Evaluate your existing controls • Layered Security – The Castle Model

  15. Understand the threat • The Symantec Global Internet Threat Report, which covers trends in 2009, says attackers are aggressively targeting employees' social networking profiles to help target key personnel inside targeted companies. Meanwhile, Web-based attacks targeting PDF viewers accounted for half of all Web-based attacks last year, up from 11 percent in 2008. • And malware creation increased thanks to more automated tools, according to Symantec, which says it identified more than 240 million new malware programs last year, a 100 percent increase over 2008. • Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent. New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009. Apr 20, 2010, by Kelly Jackson Higgins, DarkReading. http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224500064

  16. Understand the threat • Insider Threats

  17. Understand the Threat • Officials Scramble to Review Emerging Afghan War Documents for 'Damage' • Published July 26, 2010 | FoxNews.com • U.S. government agencies have been bracing for a deluge of thousands more classified documents since the leak of helicopter cockpit video of a 2007 firefight in Baghdad. That was blamed on a U.S. Army intelligence analyst, Spc. Bradley Manning, 22, of Potomac, Md. He was charged with releasing classified information this month. Manning had bragged online that he downloaded 260,000 classified U.S. cables and transmitted them to Wikileaks.org. • http://www.foxnews.com/politics/2010/07/26/damage-control-leak-afghan-war-docs/

  18. Understand the threat • Know your threat matrix

  19. Develop your Risk Strategy • Determine your organization's risk tolerance • Know your vulnerabilities • Understand how the threats apply

  20. Develop your protection Strategy • Compliance requirements • Protect your valuable data • Put systems in place that protect your data as it moves • Proactive intelligence on your environment • Discover your real vulnerabilities • Break the malware cycle

  21. The barbarians will get in

  22. Understand the overhead • Operationalize Security • Use Managed Services / Cloud Services where practicable • Use automated systems

  23. Complexity can break security

  24. Understand your organization’s business need • Be an enabler of business • Connect to your Enterprise Risk Management • Show how it affects the bottom line

  25. Execute • Response and remediation • Robust Incident Response Plan • Respond, not react • Don’t merely remediate

  26. Execute • Real time Protection • Find the barbarians that get past the gate • New Technologies

  27. Execute - Test

  28. Evaluate • Col. John Boyd’s OODA Loop

  29. Evaluate • Metrics • INCREASING CYBER-SITUATIONAL AWARENESS VIA ENTERPRISE METRICS • Core Security Technologies Blog • Today’s ferocious cybersecurity environment is dynamic. One of the challenges that organizations, both public and private sector, have encountered in attempting to mature their IT security and risk management plans has been a lack of methods to calculate truly relevant metrics that would allow for them to better understand and benchmark their security standing over time. • http://blog.coresecurity.com/2010/04/29/increasing-cyber-situational-awareness-via-enterprise-level-metrics/

  30. The Future of Data Protection

  31. Questions • Contact Information Bob.Maley@StrategicCISO.com
