Joint ISACA and IIA Chapter Meeting November 10, 2016
Presentation transcript:

Assessing the Maturity of Your Threat Detection and Incident Response Capabilities
Joint ISACA and IIA Chapter Meeting, November 10, 2016

Outline
12:10 – 12:25 PM – Jonathan Trull, Introduce Speakers & Topic
12:25 – 12:45 PM – Alfritch Anderson, State of Colorado
12:45 – 1:05 PM – Ryan Lazarony, Western Union
1:05 – 1:25 PM – Todd Gaiser, Microsoft
1:25 – 1:50 PM – Recap and Q&A

Panel of Speakers
Host – Jonathan Trull, Chief Cybersecurity Advisor, Microsoft
Panel:
Alfritch Anderson, Security Operations Manager, State of Colorado
Ryan Lazarony, Incident Response Manager, Western Union
Todd Gaiser, Enterprise Threat Detection, Microsoft

Threat Detection & Incident Response – Terms
Threat – the potential source of an adverse event
Vulnerability – a weakness in a system, application, or network that is subject to exploitation or misuse
Indicator – a sign that an incident may have occurred or may be currently occurring
Event – any observable occurrence in a network or system
Incident Response or Incident Handling – the process of detecting and analyzing incidents and limiting the incident’s effect

General Incident Response Capability
Create an incident response policy and plan
Develop procedures for performing incident handling and reporting
Set guidelines for communicating with outside parties regarding incidents
Select a team structure and staffing model
Establish relationships and lines of communication between the IR team and other groups
Determine what services the IR team should provide
Staff and train the IR team

NIST Detection and Response Lifecycle

COBIT® Harmonises Other Standards
COBIT is often used at the highest level of IT governance
It harmonises practices and standards such as ITIL, ISO 27001 and 27002, and PMBOK
Improves their alignment to business needs
Covers the full spectrum of IT-related activities
Speaker notes: COBIT is designed to be complementary to, and used together with, other standards and good practices. Detailed practices and standards such as ITIL, ISO 27001 and 27002, and PMBOK (the Project Management Body of Knowledge) cover specific areas and can be mapped to the COBIT framework, providing a hierarchy of guidance. Standards should be implemented to benefit the specific needs of businesses, and COBIT can help ensure that the various standards are aligned.

COBIT® Defines Processes, Goals and Metrics
Relationship Amongst Process, Goals and Metrics (DS5)
Speaker notes: The chart illustrates the relationship between the business, IT, process and activity goals, and the different metrics. From top left to top right, the goals cascade is illustrated. Below each goal is the outcome measure for the goal. The small arrow indicates that the same metric is a performance indicator for the higher-level goal. The example provided is from DS5 Ensure systems security. COBIT provides metrics only up to the IT goals outcome, as delineated by the dotted line. While they are also performance indicators for the business goals for IT, COBIT does not provide business goal outcome measures.
The metrics have been developed with the following characteristics in mind:
• A high insight-to-effort ratio (i.e., insight into performance and the achievement of goals as compared to the effort to capture them)
• Comparable internally (e.g., percent against a base or numbers over time)
• Comparable externally irrespective of enterprise size or industry
• Better to have a few good metrics (may even be one very good one that could be influenced by different means) than a longer list of lower-quality metrics
• Easy to measure, not to be confused with targets

U.S. Framework for Improving Critical Infrastructure Cybersecurity

Detection Controls

Response Controls

CIS Critical Security Controls Relevant to Detection and Response
CSC # 6: Maintenance, Monitoring, and Analysis of Audit Logs – Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.
CSC # 16: Account Monitoring and Control – Actively manage the life cycle of system and application accounts (their creation, use, dormancy, and deletion) in order to minimize opportunities for attackers to leverage them.
CSC # 19: Incident Response and Management – Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure for quickly discovering an attack and effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.

My Top Line Measures
Median Time to Detection (MTD) = 2 hours or less
Median Time to Containment (MTC) = 30 minutes or less

Typical Attack Timeline & Observations
Stages on the slide: Initial compromise or entry vector → Core security compromised → Service outage or data exfiltration → Attack detected
Timeline labels on the slide: 24-48 Hours; Average 8 months
Speaker notes:
Key message: Microsoft understands these attacks from firsthand experience helping customers with them.
0. (Start of slide) Attackers are usually after your organization’s data to make money (though we have also seen destructive attacks), and they will go after any device, server or service to get it. Attackers will research you and exploit any seam, inconsistency, or weakness (slow patching process, weak configurations, sophisticated attacks, old/weak passwords, etc.).
1. Exploiting credentials: In the attacks we have seen, attackers that get a “beachhead” on one of your network hosts will seek and find domain administrator credentials to steal within 24-28 hours (often quicker). This gives them the ability to steal almost any information on any computer.
2. Attacks not detected: Most of these attacks go undetected for around a year (on average), leaving organizations vulnerable to ongoing loss and damage.
3. Response and recovery: Investigating and cleaning up from these attacks is typically very complex, technically challenging, and requires a lot of expertise.
(Source: CSIS-McAfee Report) (Source: Ponemon Institute, 2014 Cost of Data Breach)

Sources for Criteria
NIST Special Publication 800-61 Rev. 2 – Computer Security Incident Handling Guide
Framework for Improving Critical Infrastructure Cybersecurity
CIS Critical Security Controls