1 / 14

IT Steering Committee Meeting Security Operations Center

IT Steering Committee Meeting Security Operations Center. Thursday, January 23, 2014 10:00 am – 11: 3 0 a m. Agenda. Cyber Security Center of Excellence Project Phase Implementation Next Steps. State of Hawaii’s Transformation Programs. Security Operations Center.

karah
Download Presentation

IT Steering Committee Meeting Security Operations Center

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IT Steering Committee MeetingSecurity Operations Center Thursday, January 23, 2014 10:00 am – 11:30 am

  2. Agenda • Cyber Security Center of Excellence • Project Phase • Implementation • Next Steps

  3. State of Hawaii’s Transformation Programs

  4. Security Operations Center Mission Statement:“To enhance the cyber security posture of the Hawaii State Government through continuous monitoring to proactively identify, isolate and manage security incidents thereby reducing the risks from potential cyber threats.”

  5. Project Phase 4 Phased Approach

  6. Implementation - Security Devices

  7. Implementation Lessons Learned Detect Analyze Respond Recover Integration Process Training Enterprise-Wide Incident Response Plan

  8. Implementation - Detect • Detection through ArcSight • Detect intrusions at perimeter, internal network, hosts, applications

  9. Implementation - Analyze • Detailed Analysis with LiveAction • Determine severity, scope, business impact

  10. Implementation - Analyze • Initial Cyber Incident Report • Notification to Business and Program Owners

  11. Implementation - Respond • Response Options • Can stop attack at perimeter, access layer, host, or somewhere in between

  12. Implementation - Recover • Recover systems to normal state • Includes threat removal, damage assessment, forensics, reporting and lessons learned • Plan the Recovery • Collect Incident Data • Cleanup & Recovery of Incident • Forensics - Reconstruct • Damage & Cost assessment • Revise plan & response • Complete post-incident analysis and reporting • Reporting internally & to authorities

  13. Implementation – Verify and Validate • Ensure mitigation efforts were successful • Watch-list monitoring with multiple Cyber Tools

  14. Next Steps • Continue Server Categorization • Defining use cases for Alerting, Reporting and Dashboards in ArcSight • Continue Adversary Hunting • Continued Ingestion of Devices (Servers, Databases, Routers, Switches, Security Systems) • Begin Enterprise-Wide Incident Response Program Development • Thank You

More Related