HIMSS Cybersecurity Community Sponsor 1 Security Funda - - PowerPoint PPT Presentation



SLIDE 1

HIMSS Cybersecurity Community Sponsor

SLIDE 2

Security Fundamentals

based on the NIST Cybersecurity Framework

01.23.2020

SLIDE 3

Speaker Introduction

Rick Spatafore

CPHIMS, GISP, GCIH, HCISPP
Manager, Advisory Services with Sentinel Technologies
15 years Healthcare IT
15 years cybersecurity & compliance
25 years in technology

SLIDE 4

What are cybersecurity fundamentals?

SLIDE 5

Security Data & Research

SLIDE 6

Security Posture

Attacks are on the rise (2017, 2018, 2019)

  • 2017-2018 included a small increase in breaches
  • Data exposed tripled year over year

Ransomware will continue

AI was one of the top predictions for 2019

  • AI is again a top prediction for 2020

Cloud migration will increase security risk

Cloud security is not mature

SLIDE 7

Security is not one size fits all

Capabilities Resources Threats

SLIDE 8

Cyber Kill Chain - Anatomy of an Attack

  • Reconnaissance – research, identify and select targets; common use of web sites, social media, event listings, port scans
  • Weaponization – pairing access to malware with deliverable payload (e.g. Adobe PDF, Microsoft Office Files)
  • Delivery – transmission of weapon to target (e.g. via email, attachments, websites, USB or other physical media)
  • Exploitation – Once delivered, the weapon’s code is triggered exploiting vulnerable applications or systems
  • Installation – Once delivered the weapon’s code is triggered, exploiting vulnerable applications or systems
  • Command & Control – Outside server communicates with the weapons providing access inside the target’s network
  • Actions on Objectives – Attacker works to achieve the objective of the intrusion – exfiltration, data destruction, or intrusion of another target

SLIDE 9

NIST Cyber Security Framework

  • IDENTIFY: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management, Supply Chain Risk Management
  • PROTECT: Identity Management, Access Control, Awareness & Training, Data Security, Process & Procedures, Maintenance, Protective Technology
  • DETECT: Anomalies and Events, Security Continuous Monitoring, Detection Process
  • RESPOND: Response Planning, Communications, Analysis, Mitigation, Improvements
  • RECOVER: Recovery Planning, Improvements, Communications

SLIDE 10

NIST CSF: Identify

Identify

Asset Management

  • ID.AM-1: Physical devices and systems within the organization are inventoried
  • ID.AM-2: Software platforms and applications within the organization are inventoried
  • ID.AM-3: Organizational communication and data flows are mapped

SLIDE 11

NIST CSF: Identify

SLIDE 12

NIST CSF: Protect

Protect

Identity Management, Authentication and Access Control

  • PR.AC-1: Identities and credentials are managed for authorized devices and users
  • PR.AC-4: Access permissions are managed, incorporating the principles of least privilege and separation of duties
  • PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks) (1.1)

Digital Identity Guidelines

  • Enrollment & Identity Proofing
  • Authentication & Lifecycle Management
  • Federation & Assertion

SLIDE 13

Password: x
Password: Locu$t0%
Passphrase: I like to vacation in Hawaii!

SLIDE 14

NIST CSF: Protect

SLIDE 15

NIST CSF: Protect

Information Protection, Processes & Procedures

  • PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained (e.g. concept of least functionality)
  • PR.IP-2: A System Development Life Cycle to manage systems is implemented
  • PR.IP-12: A vulnerability management plan is developed and implemented
  • PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities (1.1)

SLIDE 16

NIST CSF: Protect & Detect

Protect

Information Protection, Processes & Procedures

  • PR.IP-12: A vulnerability management plan is developed and implemented

Detect

Security Continuous Monitoring

  • DE.CM-8: Vulnerability scans are performed

SLIDE 17

NIST Cybersecurity Framework

SLIDE 18

Contact Information:
Rick Spatafore
Manager, Advisory Services
Sentinel Technologies
Office: 630.786.8062
rspatafore@sentinel.com

Q&A