Multi-University Partnerships: The CanSSOC Proof of Concept



SLIDE 1

Improved Cyber Security Through Multi-University Partnerships

The CanSSOC Proof of Concept

SLIDE 2

Welcome and Introductions

Panel

  • Gordie Mah, Chief Information Security Officer, University of Alberta
  • Paul Weber, Supervisor, IT Security, Ryerson University
  • Mike Wiseman, Associate Director, Information Security, University of Toronto

Moderator

  • Isaac Straley, Acting Director, CanSSOC / Chief Information Security Officer, University of Toronto

SLIDE 3

The Canadian Shared Security Operations Centre (CanSSOC) is:

  • A shared proof of concept project
  • Based in part on a model initiated in the US higher education system
  • Being pursued in partnership with six Canadian universities:
      • The University of British Columbia
      • University of Alberta
      • McMaster University
      • McGill University
      • Ryerson University
      • University of Toronto
  • In partnership with the National Research & Education Network:
      • CANARIE – federal
      • Cybera – Alberta
      • ORION – Ontario
      • RISQ – Quebec
      • BCNET – British Columbia

SLIDE 4

Value of a shared SOC

  • “Together we see more”
  • Global profile
  • Attracting talent
  • Economies of scale
  • Higher Ed focus

SLIDE 6

POC Operational Considerations

  • Infrastructure
      • Hardware platform(s)
      • On-prem vs Cloud
      • Log collectors
      • Events per second (“EPS”) and throughput considerations
      • Data retention
      • Monitoring
  • Threat Intel
      • Identifying intel sources
      • Curation
      • Formatting
      • Indicator of Compromise (“IOC”) sharing
      • Intel back to SOCs & ISACs
  • Log Ingestion
      • Location log inventory
      • Baseline of log sources
      • Log schema
      • Deploying log collectors
  • Analysis
      • Alerting based on known IOCs
      • Asset identification for prioritized alerts
      • Alert volume & risk appetite
      • Real time analysis
  • Incident Management
      • Alerting mechanism (email, ticketing, API, etc.)
      • Incident tracking
      • How to get updates
      • Incident resolution & disposition
      • Location
      • Portal / Dashboard

SLIDE 7

Proposed Threat Intelligence

SLIDE 8

Sample Analysis Architecture

  • Collect
  • Normalize
  • Enrich
  • Analyze

SLIDE 9

Panel Discussion and Audience Questions

SLIDE 10

Thank you!

Stay informed and learn about the outcome of the CanSSOC Proof of Concept!

  • CanSSOC website: https://canssoc.ca/
  • Contact: CanSSOC@utoronto.ca