A quick glance at Intelligence Led Risk Management

Presentation transcript:

Threat Intelligence: A quick glance at Intelligence Led Risk Management

A brief history of me……
- Former Child
- Former Military Police NCO
- Former Military Intelligence NCO
- Former Bus Driver – got into InfoSec 5 years ago
- Worked for DXC on the MoD Contract
- Worked at Auriga Consulting on the Nuclear Decommissioning Authority contract
- Worked at Virgin Money in 2nd Line Risk
- Currently working for Infinium as an IT Security Specialist
- RNLI volunteer
- All round “good egg”

Agenda
- What is “Threat intelligence”
- Information, Misinformation, Intelligence and Actionable Intelligence
- What's the difference between information and intelligence
- What does threat intelligence mean to business?
- Threat Intelligence & Risk Management
- Techniques, tactics and procedures (TTPs)
- Symmetric TTPs in digital business
- Asymmetric TTPs in digital business
- Application of Intelligence led risk management in digital business
- Conclusions
- Questions

Threat Intelligence Utilisation

What is Threat Intelligence?
Threat intelligence is inferred, evidence-based knowledge including context, mechanisms, indicators, implications and actionable advice about an existing or emerging threat or hazard to assets. It can be used to inform decisions regarding the subject's deployment of countermeasures or response to that hazard or threat, or to target adversarial assets.
If it's done well!

Intelligence Terminology
- Information
- Misinformation
- Intelligence
- Actionable Intelligence

Information vs Intelligence

Intelligence Tools
- Intelligence Collection Plans
- PoL Analysis
- Link Analysis
- F3EA
- Money Tracing
- OSINT Tools
- Forming a working Hypothesis
- Murder groups (it's not what you think)

Intelligence Products

Threat Intelligence in the Business World
- Threat Intelligence will identify, categorise and draw recommendations in relation to threats from a number of malicious sources.
- A robust business threat intelligence program, done well, will assist with strategic decisions affecting any number of business critical processes.

Threat Intelligence in Risk Management
- Ad hoc
- Threat Based
- Formal Risk Management Frameworks
- Intelligence Led…?

Intelligence Led Risk Management

Tactics, Techniques & Procedures (TTPs)
- How we think
- How we carry out actions
- What we like
- Routes we take
- Places we go to
- Places we avoid
- People we avoid
- Things we wear
- People we interact with
- Our Loyalties
- Our Ideals
- Things we eat
- Things we admire
- Our Ideology
- Language we use
- What we dislike

Symmetric TTPs
[Diagram. Labels: Supported Live Environment; Malicious Actor Environment; Defensive Control or Countermeasure; Attack Vector; Offensive Capability or Toolset]

Asymmetric TTPs
[Diagram. Labels: Supported Live Environment; Malicious Actor Environment; Defensive Control or Countermeasure; Ineffective Control or Countermeasure; Attack Vector; Offensive Capability or Toolset; Compromise of Environment]

- Deploy countermeasures
- Apply Intelligence Process
- Understand your defensive capabilities
- Understand your Vulnerabilities
- Know your Foe
- Understand your infrastructure
- Protect

Conclusions
- Threat intelligence should be at the forefront of everything we do
- Threat Intelligence is the processing of information into actionable intelligence
- Intelligence Led Risk Management can save significant sums of money by applying budget only where it is required
- The key to effective threat intelligence is understanding our estate, vulnerabilities, adversaries and countermeasures
- Understanding adversarial asymmetric TTPs is vital to understanding which exploits pose the most significant risk
- Intelligence Led Risk Management could be the single most effective means of managing risk to any organisation….. If it's done well!

Questions? The fewer you ask, the quicker we’re in the pub…… #justsayin