National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

Slides:

Advertisements

Similar presentations

CDCs 21 Goals. CDC Strategic Imperatives 1. Health impact focus: Align CDCs people, strategies, goals, investments & performance to maximize our impact.

Advertisements

What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.

DHS, National Cyber Security Division Overview

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Dr. Julian Lo Consulting Director ITIL v3 Expert

Security Controls – What Works

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Computer Security: Principles and Practice

The Information Systems Audit Process

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

UNLV Data Governance Executive Sponsors Meeting Office of Institutional Analysis and Planning August 29, 2006.

Network security policy: best practices

MENTORSHIP IN RESEARCH BY GEOFFREY LAMTOO GULU UNIVERSITY.

T HE CHALLENGES OF COMMUNICATING THE FORESIGHT STUDY OUTCOMES TO BETTER ADVISE DECISION MAKERS IN POLICY AND STRATEGY MATTERS Claudio Chauke Nehme –

Competency Models Impact on Talent Management

Information Technology Audit

Factors influencing open source software adoption

Internal Auditing and Outsourcing

How to Manage the Organizational Change LaMarsh & Associates, Inc.

SEC835 Database and Web application security Information Security Architecture.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

1 CREATING A LEARNING ORGANIZATION AND AN ETHICAL ORGANIZATION STRATEGIC MANAGEMENT BUAD 4980.

Seán Paul McGurk National Cybersecurity and Communications

Unit 5:Elements of A Viable COOP Capability (cont.)  Define and explain the terms tests, training, and exercises (TT&E)  Explain the importance of a.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Demystifying the Business Analysis Body of Knowledge Central Iowa IIBA Chapter December 7, 2005.

Using Business Scenarios for Active Loss Prevention Terry Blevins t

Workshop on Programming in support of Anti-Corruption Agencies Bratislava, 30 June - 1 July 2009 A methodology for capacity assessment of AC agencies:

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Towards a European network for digital preservation Ideas for a proposal Mariella Guercio, University of Urbino.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

How Schools and Communities Can Better Serve Young People Building Effective Youth-Adult Partnerships.

Environmental Management System Definitions

Community Board Orientation 6- Community Board Orientation 6-1.

Programme Objectives Analyze the main components of a competency-based qualification system (e.g., Singapore Workforce Skills) Analyze the process and.

CIS 4930/6930: Systems Security Instructor: Xinming “Simon” Ou TA: Xiaolong “Daniel” Wang Class time: MW 2-3:15 1.

1-2 Training of Process Facilitators 3-1. Training of Process Facilitators 1- Provide an overview of the role and skills of a Communities That Care Process.

Take Charge of Change MASBO Strategic Roadmap Update November 15th, 2013.

InfraGard A Government and Private Sector Alliance Information sharing begins with human relationships – people talking with people whom they trust. Information.

Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.

UNCLASSIFIED Homeland Security Introduction to the National Cybersecurity & Communications Integration Center (NCCIC) “A Partnership for Strength” 1.

Kathy Corbiere Service Delivery and Performance Commission

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

5 chapter 420 PHCL Strategic Planning in Pharmacy Operations.

Leadership Development: fostering a healthy transitions.

1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.

Discuss the analytical skills, including systems thinking, needed for a systems analyst to be successful Describe the technical skills required of a systems.

Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc

Managing the National Communications Process UNFCCC Workshop on Exchange of Experiences and Good Practices among NAI Countries in Preparing NCs September.

RISK MANAGEMENT FOR COMMUNITY EVENTS. Today’s Session Risk Management – why is it important? Risk Management and Risk Assessment concepts Steps in the.

ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.

Protection of Transportation Infrastructure from Cyber Attacks EXECUTIVE BRIEFING.

Copyright © May 2014, Montessori Centre International.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

Finding a trainee position – advice and tips. If you have trouble finding a trainee position Make sure your CV stands out for the right reasons Your CV.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Donald JG Chiarella, PhD, CISM, CDMP, PEM, CHS-CIA, MBA.

CIS 4930/6930: Systems Security

Principles of Good Governance

Center of Excellence in Cyber Security

Decrypting Data Compliance in China

Cyber Security coordination in Europe CERT-EU’s perspective

Wenjing Lou Complex Networks and Security Research (CNSR) Lab

Cyber-security and IEC International Standards

Presentation to the INTOSAI Working Group on IT Audit Systems assurance and data analytics for continued audit quality and improved efficiency of audits.

Enhanced alerting and collaborative incident management

Risk Mitigation & Incident Response Week 12

Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.

Presentation transcript:

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies, and Scenarios Threat Information Sharing; Perspectives, Strategies, and Scenarios 15 June 2015 Tim Grance, NIST, Sarah Brown, Fox-IT, Luc Dandurand, ITU Thomas Millar, US CERT, Pawel Pawlinski, CERT.PL 1

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Information Sharing Benefits Organizations are sharing information and collaborating on its refinement for: –Shared Situational Awareness –Expanded Understanding of Threat Horizon –Knowledge Maturation –Greater Defensive Agility –Improved Decision-Making 2

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Information Sharing Challenges Prior to Sharing –Establishing Trust –Policy, Legal, and Organizational Restrictions –Risk / Benefit Analysis – what to share? As Data is Shared –Collecting and classifying information –System interoperability –Preserving Anonymity Post Sharing –Classification of information –Generate / refine / action the intelligence 3

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Desired Characteristics of Cyber Threat Information Timely – in time for the recipient to act Relevant – applicable to the recipient’s operational environment Accurate – correct, complete, and unambiguous Specific – providing sufficient detail and context Actionable – providing or suggesting an effective course of action 4

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Cyber Threat Information Sources Internal –Intrusion Detection/Protection Systems –Security Information and Event Management –OS, network, security, and application logs –Personnel External –Open, public sharing communities –Government sources –Sector peers and business partners –Vendor alerts and advisories –Commercial Services 5

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Cyber Threat Information Types Indicators – an artifact or observation that suggests that an attack is imminent, is underway, or may have already occurred Tactics, Techniques, and Procedures – insights related to an adversary’s behavior, conduct, and tools Countermeasures – actions to counter a specific threat Adversary – information regarding the threat agent or actor 6

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Observations on Trust Trust equals knowledge, skills, experience, abilities, accuracy, integrity, reliability, commitment Trust gives us confidence to act When we trust we are more likely to share Trust is hard to earn, it must be cultivated Trust is difficult to restore if lost 7

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Building and Maintaining Trust Trust is built through shared experiences Use sharing models that bring together contributors, participants, and consumers –Discuss current threats –Share technical insights –Develop mitigation strategies –Train, mentor, and develop skills –Mentor new community members –Develop key practices and resources 8

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Establishing Sharing Relationships Define Goals, Objectives, and Scope of Sharing –Mission specifics; resources; approvals Conduct an Information Inventory Establish Information Sharing Rules –Sources; sensitivity; restrictions; marking Join existing Sharing Communities –Info actionable; mechanisms; NDAs, etc. Supporting an Information Sharing Capability –Resources; proactive measures Look for information that is easier to share (e.g., threats vs incidents) 9

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory 1.What are the sharing barriers? 2.Overview of sharing architectures, capabilities, technical mechanisms (e.g.identity, access control, etc), and trust issues 3.How is sharing done today? 1.Non-attributed vs attributed. 2.Protection of shared information. 3.Data analytics, etc. 4.Advice on how to create, maintain, and enhance sharing relationships 5.How can sharing be more scalable? 6.Specific technical and policy recommendations for the use of shared threat information. Indemnification? 7.What examples (past or future) or specific incident scenarios illustrate how sharing could realistically work to improve security and operational capability? 10 Discussion Questions

National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Achieving Meaningful Information Sharing: A Few Take-Aways Operate at time scales consistent with the information Trust leverages personal connections, operational record, legal processes Trust is paramount and hard to establish, but preparation helps As communities grow in size, trust is harder to achieve Organizational abilities vary greatly Roles and responsibilities need to be clearly articulated before sharing Simplicity facilitates sharing 11