Presentation is loading. Please wait.

Presentation is loading. Please wait.

Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015.

Published byAlexina Waters Modified over 8 years ago

Similar presentations

Presentation on theme: "Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015."— Presentation transcript:

1 Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015

2 Benefits to you 1) More effective coverage of the tools you have 2) Clear out agent cruft 3) Free up resources to do more

3 Agent Fatigue https://flic.kr/p/9ZeoJG

4 Reason why we're here Wikipedia

5 More reasons https://flic.kr/p/4M2YVp

6 Because… reasons https://flic.kr/p/dbWTNt

7 Framework

8 Imma let you finish, but... https://mlpforums.com/topic/29711-my-feelings-on-the-new-admin/

9 Culture affects framework Build our own Free tools & become experts Buy vs. Build Outsource it all

10 Security principles statement

11 Prerequisites Prevention Detection Response

12 Prerequisites Prevention Detection ResponseAnalysis Deterrent

13 Framework Governance (policies, standards, procedures, relationships, measurements, education) Information oversight Access management Threat projections Infrastructure protection (physical & logical) Penetration detection Incident management

14 Another way Protecting Monitoring Responding (re)defining Physical Logical attack misuse Root cause analysis recovery Governance awareness Assets Network effectiveness

15 Measure capabilities Stop Look Listen

16 Matrix of capabilities

17 Cross reference with threats https://flic.kr/p/8PDoAN

18 Prioritize based on risks wikipedia

19 Get from this... https://flic.kr/p/8PDoAN

20 … to this https://www.pinterest.com/lovelypitusa/crochet-men/

21 Questions? Comments! feedback@in-security.org @inSecurityShow

22 References NIST Framework for Improving Critical Infrastructure CyberSecurity 1.0 Feb 12 2014 ISO/IEC 27032:2012 Information Technology – Security Techniques – Guidelines for cybersecurity SANS Top 20 Critical Security Controls Australian Signals Directorate Strategies to Mitigate Targeted Cyber Intrusion

Download ppt "Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015."

Similar presentations

CYBER AND INFORMATION SECURITY Cyber Security Operations Centre The Australian Chapter of the Association of Old Crows The Hilton, Adelaide 16-17 April.

CYBER AND INFORMATION SECURITY Cyber Security Operations Centre The Australian Chapter of the Association of Old Crows The Hilton, Adelaide April.
Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.

Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.

Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information Security Governance

Information Security Governance
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
Formulating a Security Policy for the Modern IT Landscape.

Formulating a Security Policy for the Modern IT Landscape.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.

Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.
A National approach to Cyber security/CIIP: Raising awareness.

A National approach to Cyber security/CIIP: Raising awareness.

Similar presentations

Ads by Google