IT Security Teams and Managed Security Services Working Together - PowerPoint PPT Presentation



  1. IT Security Teams and Managed Security Services Working Together 2006 FIRST Conference

  2. Who am I? Chris van Breda, CD, CISSP, EnCE

  3. Theme for the 2006 conference: "Sharing Intelligence in Global Response". Working smarter and sharing knowledge in this environment, finding ways to further our initiatives on collaborative and cooperative approaches to find solutions to the problems we face in computer and network security incident response.

  4. Working Smarter. The pressures of business, legislation and budgets force us all to see how we can work smarter. Unfortunately, working smarter for most management is another way of saying do more with less. Security budgets have limitations, and most organizations have only increased spending when they are forced to by outside events: legislation, litigation or loss of business due to security breaches.

  5. Sharing knowledge
     - If you're only a one-person security shop, where do you go to learn? This is an easy question to answer: just look around you. Just about anyone here will talk about security issues at the drop of a hat. If they're like me, you'll have trouble making them stop!
     - Sharing knowledge is a passion that must be spread, and that is also part of this presentation.

  6. Collaborative and Cooperative Approaches. Whether you like it or not, you're not the only security team out there. Also, the odds are that for most of you, outsourcing some or all of your IT security will become a very real possibility. The better prepared you are, the better things will go.

  7. Find Solutions. Now that outsourcing some or all of your security requirements is a very real possibility, you need to find the best approach to dealing with it.

  8. This is an INTERACTIVE session: You, Me, Discussion

  9. Questions/Comments: Anytime

  10. GOAL: To help teams find solutions on how to effectively outsource and work with managed security service providers (MSSPs).

  11. Tutorial Overview
      - Review Taxonomy
      - Review Security Objectives
      - Discuss Security Influences
      - Where most teams are now
      - How and what to outsource, and why
      - Requests for Proposals
      - Service Level Agreements
      - How to work with the MSSP
      - Service Reviews
      - How to end an agreement

  12. Back to Basics: Communication

  13. Event = an Action directed at a Target
      Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
      Target: Account, Process, Data, Component, Computer, Network, Intranet

  14. Attack = Tool -> Vulnerability -> Event (Action on Target) -> Unauthorized Result
      Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
      Vulnerability: Design, Implementation, Configuration
      Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
      Target: Account, Process, Data, Component, Computer, Network, Intranet
      Unauthorized Result: Increased Access, Information Disclosure, Corruption, DoS, Theft

  15. Simplified Computer and Network Incident: Attackers -> Attacks -> Objectives

  16. Incident = Attackers -> Attack (Tool -> Vulnerability -> Event -> Unauthorized Result) -> Objectives
      Attackers: Hackers, Spies, Terrorists, Criminals, Vandals, Voyeurs, Corporations
      Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
      Vulnerability: Design, Implementation, Configuration
      Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
      Target: Account, Process, Data, Component, Computer, Network, Intranet
      Unauthorized Result: Increased Access, Information Disclosure, Corruption, DoS, Theft
      Objectives: Damage, Political, Financial, Thrill
      Ref: http://www.cert.org/research/taxonomy_988667.pdf
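Slides 13 to 16 give the CERT/CC common-language taxonomy as a chain of levels (attacker, tool, vulnerability, action, target, unauthorized result, objective). The Python below is an added example, not code from the presentation or from CERT: it normalizes constructed MSSP alert records into that vocabulary and rejects anything outside it, which is the kind of check a team needs before a provider's tickets can be shared in the common language. The key=value alert format, the short aliases (dos, script, impl, config) and the sample alerts are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Controlled vocabulary as listed on slides 13-16 (CERT/CC common-language
# taxonomy). Every level of an incident must use one of these terms.
VOCAB: Dict[str, Set[str]] = {
    "attacker": {"hackers", "spies", "terrorists", "criminals",
                 "vandals", "voyeurs", "corporations"},
    "tool": {"physical attack", "information exchange", "user command",
             "script or program", "autonomous agent", "toolkit",
             "distributed tool", "data tap"},
    "vulnerability": {"design", "implementation", "configuration"},
    "action": {"probe", "scan", "flood", "authenticate", "bypass", "spoof",
               "read", "copy", "steal", "modify", "delete"},
    "target": {"account", "process", "data", "component", "computer",
               "network", "intranet"},
    "result": {"increased access", "information disclosure", "corruption",
               "denial of service", "theft"},
    "objective": {"damage", "political", "financial", "thrill"},
}

# Assumed provider shorthand -> taxonomy term. These aliases are an
# assumption for this example; a real MSSP feed needs its own map.
ALIASES: Dict[str, str] = {
    "dos": "denial of service",
    "ddos": "denial of service",
    "script": "script or program",
    "disclosure": "information disclosure",
    "agent": "autonomous agent",
    "impl": "implementation",
    "config": "configuration",
}


@dataclass(frozen=True)
class Attack:
    """One attack: tool -> vulnerability -> event (action on target) -> result."""
    tool: str
    vulnerability: str
    action: str
    target: str
    result: str


@dataclass
class Incident:
    """An attacker using one or more attacks to reach an objective."""
    attacker: str
    objective: str
    attacks: List[Attack]


def normalize(level: str, raw: str) -> str:
    """Map a raw field onto the taxonomy term for that level, or raise."""
    value = raw.strip().lower().replace("_", " ")
    value = ALIASES.get(value, value)
    if value not in VOCAB[level]:
        raise ValueError(f"{level}={raw!r} is not a taxonomy term")
    return value


def parse_alert(line: str) -> Attack:
    """Parse one 'key=value ...' alert line (constructed format) into an Attack.

    Tokens without '=' (for example a leading timestamp) are ignored;
    a missing level or an out-of-vocabulary value raises ValueError.
    """
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    levels = ("tool", "vulnerability", "action", "target", "result")
    missing = [k for k in levels if k not in fields]
    if missing:
        raise ValueError(f"alert is missing {missing}: {line!r}")
    return Attack(**{k: normalize(k, fields[k]) for k in levels})


def build_incident(attacker: str, objective: str, lines: List[str]) -> Incident:
    """Normalize a batch of provider alerts into one taxonomy incident."""
    return Incident(
        attacker=normalize("attacker", attacker),
        objective=normalize("objective", objective),
        attacks=[parse_alert(line) for line in lines],
    )


def incident_chain(incident: Incident) -> List[str]:
    """Render each attack as the full taxonomy chain for a hand-over report."""
    return [
        f"{incident.attacker} -> {a.tool} -> {a.vulnerability} -> "
        f"{a.action} {a.target} -> {a.result} -> {incident.objective}"
        for a in incident.attacks
    ]


# Constructed sample feed: two alerts an MSSP might raise for one incident.
SAMPLE_ALERTS = [
    "2006-06-25T03:12:00Z tool=script vulnerability=config action=scan "
    "target=network result=disclosure",
    "2006-06-25T03:40:00Z tool=script vulnerability=impl action=flood "
    "target=computer result=DoS",
]

if __name__ == "__main__":
    for line in incident_chain(build_incident("hackers", "thrill", SAMPLE_ALERTS)):
        print(line)
```

The point of failing hard on an unknown term is that the taxonomy only works as a shared language if both sides use exactly the same vocabulary; silently passing a provider's free-text category through defeats that.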

  17. Security Objectives

  18. What are your security objectives? (business risk perspective)
      - Perimeter Security
      - Mobile Users
      - Internal Malfeasance
      - Defence in Depth
      - Incident Response Plan
      - Tracking Metrics

  19. Risk Management. In most cases risk management looks pretty simple. Oversimplified, Risk = P x L, where P is the probability of an event and L is the financial loss that event would cause.

  20. Computer Weekly's Inaugural CIO Index: "More than 30% of small firms are still spending less than 1% of their IT budget on security, while larger firms have significantly increased their investment in security over the past two years, spending between 4% and 5% of their IT budgets on security."

  21. Will This be YOU? "Specifically, the FTC charged that the company failed to do the following:
      • Assess risks to the information it collected and stored, both online and off-line.
      • Implement reasonable policies and procedures in key areas such as employee screening and training and the collection, handling and disposal of personal information.
      • Implement simple, low-cost, readily available defences to common Web site attacks or put in place reasonable measures to prevent hackers from gaining access to the company's computer network.
      • Employ reasonable measures to detect and respond to incidents of unauthorized access to the data or to conduct security investigations.
      • Provide reasonable oversight for the handling of personal data by service providers such as third parties employed to process the information

  22. Will This be YOU? According to the complaint, a hacker exploited these failures by using a common Web site attack to gain access to the computer network. In addition, a television station found documents containing sensitive consumer information discarded in an unsecured trash bin. "Careless handling of consumers' sensitive financial information is an open invitation to identity thieves," said FTC chairman Deborah Platt Majoras. "Enforcing the laws designed to protect consumers' sensitive financial data is a priority at the FTC. This is the 13th case challenging faulty data security practices, and we will bring more cases if companies continue to fail consumers."

  23. Influences
      - Legislation
      - Privacy
      - Consumer confidence
      - Type of business
      - Resources
      - Users
      - Budget

  24. Typical Situation
      - Understaffed
      - Overworked

  25. Dynamics of Incident Response, by Johannes Wiik (Faculty of Engineering and Science, Department of Information & Communication Technology, Norway) and Dr. Klaus-Peter Kossakowski (DFN-CERT Services GmbH, Germany). http://www.first.org/conference/2005/papers/speaker14-paper-1.pdf

  26. Dynamics of Incident Response - Abstract: "A frequently identified problem is that CSIRTs are over-worked, under-staffed and under-funded." "Based on theory from process improvement and information from the case study, we identified that short-term pressure from a growing incident work load prevents attempts for developing more response capability long-term, leading the CSIRT into a 'capability trap'. Fundamental solutions will typically involve a worse-before-better trade-off for management. Short term the CSIRT will lower its response capability while new capability is developed. Long term the CSIRT will get an automated response capability independent from limited human resources. Hence, it can automatically scale to future increases in workload."

  27. Dynamics of Incident Response - Section 3, Common Problems Among CSIRTs. Frequently referenced problems in the CSIRT community are over-stretched resources and a need for continuous improvements. Killcrece et al. (2003a, p. 128) refer to many such problems, for example:
      - lack of funding,
      - lack of management support,
      - lack of trained incident handling staff,
      - lack of clearly defined mission and authority, and
      - lack of coordination mechanisms.

  28. Why and How To Outsource

  29. Typical Security Situation
      - Grown on the back of existing structure
      - Lack of specific expertise
      - Lack of resources/funding
      - Labour legislation: no overtime, long hours, etc.
      - "Check the box" attitude
      - Misconceptions: we have IDS/FWs, so we must be secure
      - Who accepts responsibility?
      - What happens when things go wrong?

  30. Where are you now?
      - Implemented NIDS/HIDS/FWs, etc.
      - Some logging turned on
      - Might even have SIM/SIEM
      - Someone gets tasked to review logs, events, etc.
      - 24/7 monitoring might be required
      - So far you've managed to survive
      - Workload is growing; accountability is pushed down
      - Jobs on the line
      - Realization that you aren't closing the gap, or you can't continue to fund the growing resource requirement. You need options.
      Are you reactive instead of proactive?

  31. WHY OUTSOURCE SECURITY? YOU DON'T. You're outsourcing some operational and functional requirements, the same as any other service is outsourced. In most cases, the responsibility for security remains in house. Accountability always remains in house.
