Using security assessment methods to enhance the feedback from security training Jonas Hallberg Division of Information Systems Swedish Defence Research.

Presentation transcript:

Using security assessment methods to enhance the feedback from security training
Jonas Hallberg, Division of Information Systems, Swedish Defence Research Agency (FOI)

Training environment

Security assessment focus

Security assessment context

Security assessment method XMASS - eXtended Method for Assessment of System Security

XMASS – systems modeling
Systems are modeled as interconnected components.
Two main classes of components:
1. Traffic generators, e.g. PCs and PDAs
2. Traffic mediators, e.g. firewalls and hubs
Two types of relations:
1. Physical, e.g. network connections
2. Logical, e.g. node dependencies
The abstraction level is not fixed.

XMASS – security values
Entity profiles
  - Security profiles consist of security features with corresponding elementary security values
  - Filtering profiles describe the ability of traffic mediators to block malicious traffic
Entity relations
  - Inter-component relations are modeled with a set of functions
System-dependent security profiles
  - Computed for each component based on component security profiles and relations
System security values
  - Based on the system-dependent security profiles

XMASS – tasks

Requirement collections
Security feature: # requirements
Access Control: 19
Security Logging: 12
Intrusion Prevention: 17
Intrusion Detection: 12
Protection against Malware: 16

Security profile template

Security profiles

Workflow
Preparation
  - Model network
  - Export network model
In action
  - Accept tokens
  - Update model
After-action review
  - Documentation

Preparation

In action

After-action review

Enhanced training
  - Supports the specification of the network
  - Provides in-training security status overview
  - Supports the after-action review