Presentation is loading. Please wait.

Presentation is loading. Please wait.

Creating & Sharing Value with Network Activity & Threat Correlation

Published byAubin Chabot Modified over 6 years ago

Similar presentations

Presentation on theme: "Creating & Sharing Value with Network Activity & Threat Correlation"— Presentation transcript:

1 Creating & Sharing Value with Network Activity & Threat Correlation
Jamison M. Day, Ph.D. Distinguished Data Scientist

2 Network Activity & Threat Correlation
Overview Network Activity & Threat Correlation Creating Value Within Your Organization Sharing Value Between Organizations When Does Information Sharing Work? Why Doesn’t Information Sharing Work? Potential Directions for Improvement

3 Creating Value: Continuous Improvement Cycle

4 Sharing Value: Threat Information
Sharing NetFlow or PCAP data is not necessary.

5 Some Threat Information Sharing Model Examples
Public Sector DHS Cyber Information Sharing AIS & CISCP ( ( Critical Infrastructure FS-ISAC ( General Private Sector Sharing Cyber Threat Alliance (CTA) (

6 When Does Information Sharing Work?
Cyber Security & Tragedy of the Commons Industry-Wide vs. Individual Company Concern How much focus is on the pie vs. the slice? How might sharing threat information affect a company’s competitive advantage? How does the compromise of one company affect an entire industry? Consider Financial & Critical Infrastructure vs. Retail & Manufacturing Regulatory Control Joint Visibility in Customer Trust/Confidence ?

7 Why Doesn’t Information Sharing Work?
Collection Processing Sharing Source Identification Inaccessibility Inadequate Stream Inconsistent Data/Formats Unreliability Unwillingness Low Priority Storage Media Misalignment Cyber Threat Detection Day, Jamison M.; Junglas, Iris; and Silva, Leiser (2009) "Information Flow Impediments in Disaster Relief Supply Chains," Journal of the Association for Information Systems: Vol. 10 : Iss. 8 , Article 1. 

8 Information Flow Impediments
Inaccessibility Can’t obtain data known to exist Source Identification Not knowing where to obtain data Low Priority Data is not important enough to collect, process, share Storage Media Misalignment Data storage method does not support desired information activities Inconsistent Data Formats Different data configurations limit comparison or aggregation Inadequate Stream Too much or too little information Unreliability Low confidence in data content Unwillingness Refusal to transmit data to others

9 The Tough Issue: “Unwillingness”
Value Creation: Hoarding knowledge to maintain competitive advantage Cyber investments shouldn’t help competitors / should be compensated Takes additional energy/investment to effectively share information Trust: Lack of confidence in a partner or community to treat your information as desired Attribution or anonymity Distribution restrictions Augmentation or modification Privacy: Information content infringes on others rights or puts others at risk Personally Identifiable Information (PII) Organization affiliation or association Legal: Regulatory restrictions or legal liabilities related to sharing the information International sharing limitations Potential legal retaliation (note: no civil/criminal cases with negative impact on TI sharer… yet)

10 2015 Cybersecurity Information Sharing Act (CISA)
Addresses Some Legal & Privacy Issues ( Liability Protection Provides liability protection from lawsuits for a private sector entity that is sharing or receiving cyber threat indicators. Guidelines for Treatment of Personally Identifiable Information Remove PII not directly related to cyber security threat. Industry to Government Privacy Protections Ensures guidelines exist for the receipt, retention, use, and dissemination of cyber threat indicators by a federal entity obtained when cyber threat indicators are shared with the federal government.

11 Potential Directions for Improved Information Sharing
Legal & Privacy: Maintain Control Over Shared Info Data Centric Security ( Secure the data itself rather than computers, networks, and applications Post-Distribution Access Control Audit Requests, Access, & Denial Value Creation: Compensate for Information Value Smart Contracts ( Low transaction cost, self-executing, self-enforcing Use of Information Transfers Value Trust: Create Sharing Communities Social Reputation Feedback Mechanism

12 Thank You www.lookingglasscyber.com /LG_Cyber /LookingGlassCyber
/company/LookingGlass /+LookingGlassCyber

Download ppt "Creating & Sharing Value with Network Activity & Threat Correlation"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Collaboration Strategies

Collaboration Strategies
Center for Risk Management of Engineering Systems University of Virginia Linking the Economics of Cyber Security and Corporate Reputation Barry Horowitz.

Center for Risk Management of Engineering Systems University of Virginia Linking the Economics of Cyber Security and Corporate Reputation Barry Horowitz.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Chapter 8 Avimanyu Datta, PhD

Chapter 8 Avimanyu Datta, PhD
Session 16: Distribution of Geospatial Data 1 Distribution of Geospatial Data in the Public Environment Hazard Mapping and Modeling.

Session 16: Distribution of Geospatial Data 1 Distribution of Geospatial Data in the Public Environment Hazard Mapping and Modeling.
1 Treating Customers Fairly: Some TCF considerations for the short-term insurance industry Presentation for the Insurance Conference Sun City June 2012.

1 Treating Customers Fairly: Some TCF considerations for the short-term insurance industry Presentation for the Insurance Conference Sun City June 2012.
Basic Definitions and Drivers (Sustainability Reporting) Introduction and scene setting.

Basic Definitions and Drivers (Sustainability Reporting) Introduction and scene setting.
© 2014 WESTERN DIGITAL CORP. ALL RIGHTS RESERVED. Company Confidential Legislative & Regulatory Activities Involving Cyber Security Bob Bowen May 2015.

© 2014 WESTERN DIGITAL CORP. ALL RIGHTS RESERVED. Company Confidential Legislative & Regulatory Activities Involving Cyber Security Bob Bowen May 2015.
The Next Generation Identity Verification and Assured Rights Management Preventing Cybercrime and Protecting Privacy.

The Next Generation Identity Verification and Assured Rights Management Preventing Cybercrime and Protecting Privacy.
Mass Surveillance and the Private Sector Understanding Corporate Responses to Government Surveillance Regimes Professor Kirstie Ball.

Mass Surveillance and the Private Sector Understanding Corporate Responses to Government Surveillance Regimes Professor Kirstie Ball.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
1 Jim Devlin Comptroller of the Currency November 5, 2009 Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector.

1 Jim Devlin Comptroller of the Currency November 5, 2009 Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector.
1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
STARTING PROGRAM DEVELOPMENT ©2006 William Holmes Program Development University of Massachusetts at Boston.

STARTING PROGRAM DEVELOPMENT ©2006 William Holmes Program Development University of Massachusetts at Boston.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.

Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.

Similar presentations

Ads by Google