Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building an Information Sharing Community

Published byIlene Blair Modified over 6 years ago

Similar presentations

Presentation on theme: "Building an Information Sharing Community"— Presentation transcript:

1 Building an Information Sharing Community
16 November 2016 Building an Information Sharing Community Katherine Gagnon United Nations International Computing Centre

2 Agenda About the Speaker What is UNICC? Mandate Challenges The Answer.
Status Roadmap Contact 16 November 2016 Building an Information Sharing Community

3 About the speaker Working in infosec since 1997
Firewalls Pen testing Consulting & architecture Program management World Bank nearly 7 years Endpoint engineering Cyber intel United Nations assignment 16 November 2016 Building an Information Sharing Community

4 United Nations International Computing Centre
Harmonizing UN ICT Services while Providing Value for Money ICC has over has 45 years of experience providing ICT services to UN organizations. It has a strategic view of ICT support for UN goals, the right expertise and complex knowledge about United Nations ICT environments. Value Proposition ICC offers cost savings, business efficiencies, and volume discounts based on the scale of its engagements. ICC operates on a full cost recovery basis, with surplus funds being refunded at the end of projects or initiatives. 16 November 2016 Common Secure – UNICC Confidential

5 Mandate The ICT Network of the UN Chief Executives Board recommended to the High Level Committee on Management (HLCM) that a collective approach to incident response would provide a valuable service to UN Agencies Creation of United Nations Information Security Special Interest Group (UN-ISSIG) comprised of CISOs from UN Family organizations The HLCM has included the “Establishment of a UN cross organizational Computer Incident Response Team” as part of its Strategic Plan Results Framework UNICC, with a mandate from the ICT Network, is working to build a cyber information sharing service available by subscription to the UN family of organizations 16 November 2016 Building an Information Sharing Community

6 Legislative Landscape
Subject Day Month YEAR Legislative Landscape Governments and industry associations are encouraging threat intelligence and collaboration for effective information security management, including: The European Union Directive on Network and Information Security (NIS Directive) - Risk management, collaboration and information sharing within and across member states. German Information Security Law (IT-Sicherheitsgesetz) United States CISPA (Cyber Intelligence Sharing and Protection Act) and CISA (Cybersecurity Information Sharing Act) - Information sharing between government, industry and the academic community. Source: itgovernance.eu Source: sicherheitsmelder.de 16 November 2016 ICC Technical Webinar – Common Secure Confidential, Client

7 Challenges Horizontal constituency (vs. vertical as in a more traditional ISAC / ISAO) Mature vs. Not Large organization vs. very, very small vs 16 November 2016 Building an Information Sharing Community

8 What’s a girl to do? Need the big and/or mature guys to want to participate: They have more money They have infrastructure They can mentor my little guys Need the small guys to buy-in too because I can really help them…. 16 November 2016 Building an Information Sharing Community

9 The Answer. Bring things to the table that most organizations don’t have or might not do so well, like: Well-packaged actionable intelligence Intel enrichment Sharing community HUMINT / OSINT / Risk monitoring, alerting, and takedowns Network of resources outside UN Family …So, build an individual organization’s program overall value so it helps to justify the cost of subscription. And while not requiring direct access to systems from any individual organization, still represent functional assistance to both mature and immature information security programs. 16 November 2016 Building an Information Sharing Community

10 Talking is free But!! …need to bring other value so Common Secure can recover costs for: Analysts Sources of enrichment Monitoring / Alerting / Takedowns Collaboration platform Relationship building (travel, etc) 16 November 2016 Building an Information Sharing Community

11 At a glance Be Informed Help Yourself Help Others Get Help
Common Secure Community Engagement Awareness Campaign Incident Response Assistance Best Practices Library Vendor Curation Brand Monitoring Takedowns Uptime Notices Threat Actor Tracking Actionable Intelligence & Alerting Situation Awareness Threat Briefings Training Be Informed Help Yourself Help Others Get Help 16 November 2016 Building an Information Sharing Community

12 (Attributable/Non-Attributable)
Low-hanging fruit User awareness campaign Best practices library Malware analysis and IR professional services Training Intel enrichment Contacts across the globe and direct relationship building Threat actor tracking COMMUNICATIONS!!! SHARING (Attributable/Non-Attributable) MENTORING More Mature/Larger Organizations Less Mature/Smaller Organizations 16 November 2016 Building an Information Sharing Community

13 Basically I want to: Aggregate threat information across the UN system to improve overall situational awareness for the benefit of all members By partnering with Common Secure, any UN family organization can effectively mature their individual cyber security programs by cooperative road mapping and using information provided by Common Secure as an input in to organizational processes Leverage the relationships already in place while building new ones together: Direct contacts with major service providers, researchers, CERTs, vendors for information and action. 16 November 2016 Building an Information Sharing Community

14 Monitoring as a Service Vulnerability Scanning Malware analysis
Complements CISO as a Service Security as a Service Monitoring as a Service Vulnerability Scanning Malware analysis 16 November 2016 Building an Information Sharing Community

15 Recent WIN! UN Family Organization “A” sends details of infection investigation to Common Secure Common Secure releases non-attributable notice to Common Secure “subscribers” detailing the infection UNICC implements recommended changes to managed client environment <1 day later, UN Family Organization “B” is protected from infection by the rules implemented as a result of “A” org’s share 25 October 2016 16 November 2016 ICC Technical Webinar – Common Secure

16 Current Status “Beta” distribution of Common Secure Alerts and Notices to interested parties within UN Family Notifications of incidents directly to organizations: 3 separate instances of web servers being compromised Thousands of credential thefts 2 account compromises Several system infection alerts 1 law enforcement inquiry regarding validity of purported UN document Coordination of a multi-org investigation after being contacted through Intel community from a security researcher of an “issue” Awareness notification of APT actor building “UN-themed” infrastructure for future attacks Japanese nuclear system attack inquiry 16 November 2016 Building an Information Sharing Community

17 Roadmap Building partnerships outside UN Family and a reputation for action & excellence Maturity over the next 2-4 years as Common Secure builds membership, and therefore builds revenue/resources, with: Automated IOC Sharing Static Malware Analysis Monitoring & SIEM Management 16 November 2016 Building an Information Sharing Community

18 Questions? Katherine Gagnon
Subject Day Month YEAR 16 November 2016 Questions? Katherine Gagnon United Nations International Computing Centre Lead, Common Secure | Confidential, Client

Download ppt "Building an Information Sharing Community"

Similar presentations

GAMMA Overview. Key Data Grant Agreement n° 312382 Starting date: 1 st September 2013 Duration: 48 months (end date 31 st August 2017) Total Budget: 14.837.981.

GAMMA Overview. Key Data Grant Agreement n° Starting date: 1 st September 2013 Duration: 48 months (end date 31 st August 2017) Total Budget:
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Boost your network security with NETASQ Vulnerability Manager.

Boost your network security with NETASQ Vulnerability Manager.
National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,

Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,
CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.

CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.
Seán Paul McGurk National Cybersecurity and Communications

Seán Paul McGurk National Cybersecurity and Communications
Network Security Resources from the Department of Homeland Security National Cyber Security Division.

Network Security Resources from the Department of Homeland Security National Cyber Security Division.
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.

Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
APRICOT 2015 Security Day Cooperation between Security Teams and Network Operators: Actionable Intelligence on ShellShock Arnold S. Yoon Information Security.

APRICOT 2015 Security Day Cooperation between Security Teams and Network Operators: Actionable Intelligence on ShellShock Arnold S. Yoon Information Security.
Committed to Connecting the World International Telecommunication Union Presentation Brief about ICTs Applications activities Telecommunication Development.

Committed to Connecting the World International Telecommunication Union Presentation Brief about ICTs Applications activities Telecommunication Development.
EECS 710: Information Security and Assurance Assignment #3 Brent Frye 10/13/2013 1.

EECS 710: Information Security and Assurance Assignment #3 Brent Frye 10/13/
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
UNCLASSIFIED Homeland Security Introduction to the National Cybersecurity & Communications Integration Center (NCCIC) “A Partnership for Strength” 1.

UNCLASSIFIED Homeland Security Introduction to the National Cybersecurity & Communications Integration Center (NCCIC) “A Partnership for Strength” 1.
CERT cooperation with ISP’s on Cybersecurity C ă t ă lin P ă trașcu CERT-RO 29 October 2015 RONOG 2 Meeting1.

CERT cooperation with ISP’s on Cybersecurity C ă t ă lin P ă trașcu CERT-RO 29 October 2015 RONOG 2 Meeting1.
1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.

1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.
Office of Special Projects Issues arising from the Second Review Conference on Safety and Security at Chemical Plants and Relationships with CWC stakeholders.

Office of Special Projects Issues arising from the Second Review Conference on Safety and Security at Chemical Plants and Relationships with CWC stakeholders.
Vision to Reality: How Knowledge Sharing Promotes Efficiencies Through Process Improvement  History of the Knowledge Collaboration Centre (KCC)  The.

Vision to Reality: How Knowledge Sharing Promotes Efficiencies Through Process Improvement  History of the Knowledge Collaboration Centre (KCC)  The.
Implementing a Security Policy JISC – ICT Security Threats & Promises, April 2002 Mick Ismail ICT Services Manager City of Wolverhampton College.

Implementing a Security Policy JISC – ICT Security Threats & Promises, April 2002 Mick Ismail ICT Services Manager City of Wolverhampton College.

Similar presentations

Ads by Google