Information Security – SNO International, Zanzibar, Tanzania. Joe Beaulac, Sr. Manager – Cyber Defense Center & Risk/Vulnerability Management. 23 September 2014
Presentation Topics
- SNO Security Survey Results
- Leadership Support
- Security Organizational Structure
- Security Incident Flow
- Security Best Practice
SNO - Security Survey
Is your Security Information Program supported by your executive leadership?
Has your company completed a Business Impact Analysis (BIA) as it relates to the Risk/vulnerability potential associated with a security incident?
Is there an established Security Incident Reporting process in your organization?
Would you say your company has effective security controls in place? (Administrative, Technical, Physical)
What are your top challenges related to security?
Does your company have an effective Configuration Management/Change Control Process in place to track changes, system owners, and configuration information?
Does your company have established Business Continuity and Disaster Recovery Programs?
What area of your organization would be most beneficial for this team to focus on "Best Practice" recommendations?
How do I gain leadership support?
Information Security Management
- Protecting the assets of the organization through the implementation of physical, administrative, managerial, technical and operational controls.
- Organizations are competing in a global marketplace which is governed by laws and best practices such as NIST, ITIL, ISO 27000, HIPAA, FISMA, COSO and COBIT.
- Failure to protect information assets from loss, destruction, or unexpected alteration can result in significant loss of productivity, reputation or finances.
- Information and the systems supporting the mission of the organization are assets which must be protected.
Gaining Leadership Support: Business Continuity & Disaster Recovery Planning
- Leaders have two main goals: to execute the mission of the company, and to protect the organization.
- Security's primary goal is to protect the organization.
- Risks associated with not having a sound plan in place: financial loss; loss of reputation / customer confidence; regulatory fines, penalties and lawsuits.
- Effective security management requires judgment based on the risk tolerance of the organization, the cost to implement the security controls and the benefit to the organization.
Risk Assessment
Risk Assessment & the Business Impact Analysis
- Must be effective in communicating risk and the possible security solutions.
- Sr. Management has the final decision on implementing specific security controls.
- There will always be residual risk. The goal is to minimize risk to a level that fits with the company's risk tolerance.
(Figure: Security and Risk Management Relationship)
Enterprise Information Security and IT Compliance (organizational chart, flattened)
Functional areas:
- Information Security Applications and Services
- IT Policy and Compliance
- Vulnerability and Risk Management
- Identity Management and Information Security
- Enterprise Identity Management Program
- Security Program Management
- Cyber Incident Response & Forensics/eDiscovery
Functions and capabilities:
- Project Management
- Security Architecture
- Access Management
- Identity Management
- Access & Authentication Management
- Identity Controls
- Vulnerability Management
- Application Security
- Project & 3rd Party Risk Reviews
- Policy Governance
- Remediation Planning, Management & Reporting
- Security Awareness Program
- IT Compliance, Audits & Assessments (SOX, PCI, HIPAA/HITECH, etc.)
- Security Event Monitoring
- Antivirus / Spyware
- Data Leakage Prevention
- File Integrity Management
- Security Infrastructure Tools
- System, Application and Network Security Event Logs
- Cyber Incident Response
- IT Security Investigations
- Forensic and e-Discovery/Legal
- Data Privacy, Loss, Control
- Data Inventory and Classification
- Planning, Design
- Penetration Testing
- Ethical Hackers
Incident Management
Phases of a Cyber Incident - Preparation
- 7x24x365 CDC (Cyber Defense Center) - first tier support
- CSIRT – second tier
- Training: GCIH, CISSP, CISA, CEH, EnCE
- Playbooks
- Exercises
- Tools: Arbor DDoS, Intrusion Detection (NIDS), Network Packet Capture, Security Event Management
Sample Event Flow: Cyber Incident - Detect
Receive notice of possible cyber attack -> Cyber Incident Response Plan activated -> Cyber Emergency Response Team
Inputs to the CDC (Tier 1):
- Alerts from security tools (AV, Arbor, IDS, etc.)
- Phone call, Remedy, e-mail notifications*
- Help desk escalations
CERT (Tier 2): threat analysis escalations, communication escalations
Triage paths:
- Analysis -> 1st level triage -> severities Low, Medium -> escalation to CSIRT
- Analysis -> incident management -> severities High, Critical -> escalation to ECERT
* 50,000+ wallet-size emergency contact lists are being distributed to TWC employees
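The Detect flow above routes alerts by severity. The following added example (not from the presentation or the presenter's organization) shows how a tier-1 triage step might normalise notifications from several sources, assign a severity and hand each record to the team the slide names: Low/Medium to CSIRT, High/Critical to ECERT. The alert-line format, the triage rules and the sample feed are constructed for this example and are not the presenter's playbook.

```python
"""Tier-1 triage router (added example; the rules and data are constructed)."""
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


# Escalation targets as on the slide: Low/Medium -> CSIRT, High/Critical -> ECERT.
ESCALATION = {
    Severity.LOW: "CSIRT",
    Severity.MEDIUM: "CSIRT",
    Severity.HIGH: "ECERT",
    Severity.CRITICAL: "ECERT",
}

# Hypothetical 1st-level triage rules keyed by (source, event type);
# a real CDC would take these from its playbooks.
TRIAGE_RULES = {
    ("AV", "detected-cleaned"): Severity.LOW,
    ("AV", "detected-not-cleaned"): Severity.MEDIUM,
    ("IDS", "port-scan"): Severity.LOW,
    ("IDS", "exploit-attempt"): Severity.HIGH,
    ("Arbor", "ddos-volumetric"): Severity.CRITICAL,
    ("HelpDesk", "phishing-report"): Severity.MEDIUM,
}


@dataclass
class Alert:
    source: str   # AV, Arbor, IDS, HelpDesk, Phone, Email, Remedy ...
    event: str    # normalised event type
    asset: str    # affected host, user or service
    detail: str


def parse_alert(line: str) -> Alert:
    """Parse the constructed line format used here: source|event|asset|detail."""
    parts = [p.strip() for p in line.split("|", 3)]
    if len(parts) != 4 or not all(parts[:3]):
        raise ValueError(f"malformed alert line: {line!r}")
    return Alert(*parts)


def triage(alert: Alert) -> Severity:
    """1st-level triage. Unknown (source, event) pairs default to MEDIUM so an
    unrecognised alert is still reviewed rather than silently dropped (assumption)."""
    return TRIAGE_RULES.get((alert.source, alert.event), Severity.MEDIUM)


def route(alert: Alert) -> dict:
    """Build the escalation record handed to the next tier."""
    sev = triage(alert)
    return {
        "source": alert.source,
        "event": alert.event,
        "asset": alert.asset,
        "severity": sev.name,
        "escalate_to": ESCALATION[sev],
    }


def process(lines) -> dict:
    """Route a batch of raw alert lines; malformed lines are kept in their own queue."""
    queues = {"CSIRT": [], "ECERT": [], "MALFORMED": []}
    for line in lines:
        try:
            rec = route(parse_alert(line))
        except ValueError as exc:
            queues["MALFORMED"].append(str(exc))
            continue
        queues[rec["escalate_to"]].append(rec)
    return queues


# Constructed sample feed: one line per notification reaching the CDC.
SAMPLE_FEED = [
    "AV | detected-cleaned | ws-1042 | Trojan quarantined by endpoint AV",
    "IDS | exploit-attempt | web01 | signature match on inbound request",
    "Arbor | ddos-volumetric | edge-router-2 | 40 Gbps inbound UDP flood",
    "HelpDesk | phishing-report | jdoe | user forwarded suspicious e-mail",
    "Phone | unknown | ops-bridge | caller reports odd login prompts",
    "garbage line without delimiters",
]

if __name__ == "__main__":
    for team, items in process(SAMPLE_FEED).items():
        print(team, items)
```

The malformed-line queue matters in practice: a triage pipeline that raises on one bad notification stalls every alert behind it, so the bad line is recorded and the batch continues.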
Event Flow: Cyber Incident - Contain
Parties: CDC, Incident Management, CERT, 3rd party vendors, operational teams, help desks, owners of attacking address
Receive notice of possible cyber attack -> Cyber Incident Response Plan activated -> Cyber Emergency Response Team
- CERT: business decisions, legal, breach notification, public relations
- CDC: containment -> eradication -> recovery; incident management with technical teams; technical communications
Cyber Incident – Post Mortem
Lessons learned:
- Which CSCs helped or would have helped?
- Exactly what happened and when?
- How well did staff and management perform?
- How could information sharing have been improved?
- What additional tools or resources are needed to detect and block future incidents?
Recommendations:
- Tools, resources, procedures needed?
- What CSCs should be more fully implemented?
- ESD – asset inventory updates
- Knowledge base updates
- Communication improvements
Security Best Practices Top 10
Security Best Practices
- Encrypt your data: Stored data, file systems, and across-the-wire transfers all need to be encrypted. Encryption is essential to protecting sensitive data and to help prevent data loss due to theft or equipment loss.
- Use digital certificates to sign all of your sites: Save your certificates to hardware devices such as routers or load balancers and not on the web server as is traditionally done. Obtain your certificates from one of the trusted authorities.
- Implement DLP and auditing: Use data loss prevention and file auditing to monitor, alert, identify, and block the flow of data out of your network.
- Implement a removable media policy: Restrict the use of USB drives, external hard disks, thumb drives, external DVD writers, and any writeable media. These devices facilitate security breaches coming into or leaving your network.
- Secure websites against MITM and malware infections: Use SSL, scan your website daily for malware, set the Secure flag for all session cookies, use SSL certificates with Extended Validation.
- Use a spam filter on email servers: Use a time-tested spam filter to remove unwanted email from entering your users' inboxes and junk folders. Teach your users how to identify junk mail even if it's from a trusted source.
- Use a comprehensive endpoint security solution: Use a multi-layered product to prevent malware infections on user devices. Antivirus software alone is not enough. Antivirus, personal firewall, and intrusion detection are all part of the total approach to endpoint protection.
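One concrete check behind "set the Secure flag for all session cookies" is to audit what a site actually sends. The added example below (not from the presentation) parses the Set-Cookie headers of a raw HTTP response head and reports session cookies that lack the Secure flag; it also reports a missing HttpOnly flag, which goes beyond the slide but is the companion attribute most audits check. The sample response and the name substrings used to recognise session cookies are constructed assumptions.

```python
"""Set-Cookie audit for the Secure flag (added example; sample data is constructed)."""
from dataclasses import dataclass, field

# Assumption: cookie names containing one of these fragments carry a session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)  # lowercased attribute -> value or True


def parse_set_cookie(header_value: str) -> Cookie:
    """Split 'name=value; Attr; Attr=value' into a Cookie record."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return Cookie(name.strip(), value.strip(), attrs)


def set_cookie_headers(raw_response: str) -> list:
    """Collect every Set-Cookie header from a raw HTTP response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    found = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, _, val = line.partition(":")
        if key.strip().lower() == "set-cookie":
            found.append(val.strip())
    return found


def looks_like_session(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit(raw_response: str) -> list:
    """Return one finding string per missing flag on each session cookie."""
    findings = []
    for header_value in set_cookie_headers(raw_response):
        cookie = parse_set_cookie(header_value)
        if not looks_like_session(cookie.name):
            continue  # non-session cookies (preferences etc.) are out of scope
        if "secure" not in cookie.attrs:
            findings.append(f"{cookie.name}: missing Secure flag")
        if "httponly" not in cookie.attrs:
            findings.append(f"{cookie.name}: missing HttpOnly flag")
    return findings


# Constructed response head: one session cookie set correctly, one not.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "Set-Cookie: csrftoken=xyz; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/; Max-Age=3600\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
```

Without the Secure flag the browser will also send the session cookie on any plain-HTTP request to the same host, which is exactly the exposure that SSL on the login page alone does not close.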
- Network-based security hardware and software: Use firewalls, gateway antivirus, intrusion detection devices, honey pots, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, port scans, and other "over the network" attacks and attempts at security breaches.
- Maintain security patches: Some antivirus programs update on what seems like a daily basis. Be sure that your software and hardware defenses stay up to date with new antimalware signatures and the latest patches. If you turn off automatic updating, set up a regular scan-and-remediate plan for your systems.
- Educate your users: It might be the most important non-hardware, non-software solution available. An informed user is a user who behaves more responsibly and takes fewer risks with valuable company data, including email.
- Implement strict password policies.
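The last item, "implement strict password policies", is only a headline on the slide. The added example below (not from the presentation) shows what enforcing such a policy at a password-change endpoint can look like: minimum length, character-class variety, no reuse of the username, and rejection of passwords built from a denylisted base word. The thresholds and the denylist are assumptions constructed for the example; a real deployment would take the denylist from a breached-password feed.

```python
"""Password policy checker (added example; thresholds and denylist are assumptions)."""
import string

MIN_LENGTH = 12   # assumption
MIN_CLASSES = 3   # assumption: at least 3 of lower / upper / digit / symbol
# Constructed denylist standing in for a breached- or common-password feed.
DENYLIST = {"password", "welcome", "letmein", "qwerty", "summer2014"}


def char_classes(pw: str) -> int:
    """Count how many of the four character classes appear in the password."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def base_word(pw: str) -> str:
    """Heuristic: strip trailing digits/symbols so 'Password123!' is judged as 'password'."""
    return pw.lower().rstrip(string.digits + string.punctuation)


def check_password(pw: str, username: str = "") -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    violations = []
    if len(pw) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if char_classes(pw) < MIN_CLASSES:
        violations.append(f"fewer than {MIN_CLASSES} character classes")
    if username and username.lower() in pw.lower():
        violations.append("contains the username")
    if pw.lower() in DENYLIST or base_word(pw) in DENYLIST:
        violations.append("based on a denylisted password")
    return violations


if __name__ == "__main__":
    # Constructed inputs: the last one is the kind of choice that passes naive length
    # and class checks but still fails the denylist rule.
    for candidate in ["jdoe2014", "correct-horse-Battery9", "Password123!"]:
        print(candidate, "->", check_password(candidate, username="jdoe") or "OK")
```

Returning every violation rather than stopping at the first gives the user one actionable message instead of a sequence of rejected attempts, which is what keeps a strict policy from being quietly worked around.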
Questions?