  1. researchsoc.iu.edu Thank you for attending. Our webinar will begin shortly.

  2. Building a Security Exercise Program Josh Drake Senior Security Analyst, Indiana University Center for Applied Cybersecurity Research

  3. Housekeeping ● All participants are on mute. ● Ask your questions via the Q&A feature. ● We will record this webinar and provide a link. ● Slides will also be made available. ● Tech troubles? Sign out and back in.

  4. Building a Security Exercise Program Josh Drake Senior Security Analyst, Indiana University Center for Applied Cybersecurity Research

  5. What causes failure?
     How can we improve our detection and response systems to address the issues most likely to cause loss of confidentiality, integrity or access to our data?
     • Missing Information
     • Multiple concurrent problems
     • Inability to Detect or Respond
     • Incorrect Information
     • Incomplete Information

  6. "Any person can invent a security system so clever that she or he can't think of how to break it." - Schneier's Law

  7. Imperfect Information
     What "facts" do we know about our organization but haven't tested?
     • New updates/controls
     • Untested critical processes
     • Logical or policy oversights
     How closely are our policies tied to the realities of our organization's operations?
     • Are policies focused on organizational goals?

  8. What is a security exercise?
     A tool to help us find and correct errant assumptions about our organization's security.
     • Helps us to get better at dealing with things that (hopefully) rarely happen.
     • Tells us if our policies are effective.
     • Reveals the assumptions we have made that don't line up with reality.
     • Creates elasticity in our thinking about how we respond to problems.

  9. How do we find out? Security Exercise Programs
     A series of security exercises we run to continually improve our policies and processes and prepare our team for responding to real issues.
     • It is iterative
     • It reinforces good behaviors
     • It corrects bad behaviors
     • Prepares for response stress
     • Improves coordination

  10. Prerequisites
     These can be simple documents; the important thing is that they exist as a starting point for iterating on your program.
     ● What are you protecting and why?
       ○ Inventory
       ○ Priorities
     ● How are you going to achieve those goals?
       ○ Policies
       ○ Procedures
       "We will ensure data integrity while ensuring maximum availability for our researchers"
     ● Who will do what during an incident?
       ○ Defined responsibilities
       ○ Assigned to the role, not the individual
       "During an incident the CISO will be authorized to…"

  11. Poll: What’s your experience with security exercises?

  12. Elements of a successful program
     ○ Regularity: Exercises should be regular, repeatable, scalable and adaptable
     ○ Purpose and Focus: Exercises should have a clear focus that is tailored for your organization
     ○ Preparation: Exercises should be scheduled in advance, planned, and clearly communicated
     ○ Follow Through: Knowledge gained in exercises should be reviewed and applied regularly

  17. Poll: What key elements of a security program do you have in place?

  18. Types of Exercises
     Tabletop Exercise: Real-time exercise where each organizational role walks through a hypothetical event together using the existing policies and procedures.
     Evaluation Exercises: Exercises that explore, measure, or improve aspects of our documentation, inventory, resource availability and preparedness.
     Live Exercises: Real-time exercise run in test or production environments to simulate potential security incidents.

  19. Tabletop Exercises
     Method: A moderator creates a scenario and runs the participants through it, much like a tabletop RPG. "What do you do?"
     Requirements
     ● Moderator and a pre-written scenario
     ● Means of communicating in real time
     ● Means of note taking and sharing at debrief
     ● Defined roles and responsibilities for participants
     Use Cases
     ● Early program
     ● Lack of resources
     ● Testing policies and procedures

  20. Evaluation Exercises
     Method: Passive gathering of data about organization, documentation, infrastructure or policies.
     Requirements
     ● At least one investigator
     ● Tools for gathering the type of data you are looking for: port scanner, software inventory tools, public IP addresses, etc.
     Use Cases
     ● Gathering inventory
     ● Building risk assessment
     ● Verifying documentation
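The "verifying documentation" use case above, as an added example that is not part of the webinar or its slides: a Python reconciliation of a documented inventory against what a port scan actually observed, producing the findings an investigator would carry into the debrief. Every host name, address, owner and port here is a constructed sample value, and the scan output is a hand-built stand-in rather than real scanner output.

```python
# Added example (not from the ResearchSOC deck): reconcile the documented
# inventory with observed scan data to surface assumptions that are wrong.
# All hosts, IPs, owners and ports are constructed sample values.

DOCUMENTED_INVENTORY = {
    "web-01":    {"ip": "10.0.1.10", "owner": "research-it", "services": {22, 443}},
    "db-01":     {"ip": "10.0.1.20", "owner": "research-it", "services": {5432}},
    "hpc-login": {"ip": "10.0.2.5",  "owner": "hpc-team",    "services": {22}},
}

# Constructed stand-in for a port scanner's result: ip -> set of open ports.
OBSERVED_SCAN = {
    "10.0.1.10": {22, 443},
    "10.0.1.20": {22, 5432, 8080},
    "10.0.2.7":  {22, 3389},
}


def reconcile(documented, observed):
    """Return (kind, subject, detail) findings wherever the documents and
    the observed environment disagree, in a stable order for the report."""
    findings = []
    ip_to_host = {rec["ip"]: host for host, rec in documented.items()}
    for ip, ports in observed.items():
        host = ip_to_host.get(ip)
        if host is None:                      # seen on the network, not in inventory
            findings.append(("undocumented_host", ip, sorted(ports)))
            continue
        extra = ports - documented[host]["services"]
        if extra:                             # listening on more than documented
            findings.append(("undocumented_service", host, sorted(extra)))
    for host, rec in documented.items():
        if rec["ip"] not in observed:         # documented but not reachable/present
            findings.append(("missing_host", host, rec["ip"]))
        else:
            missing = rec["services"] - observed[rec["ip"]]
            if missing:                       # documented service not observed
                findings.append(("missing_service", host, sorted(missing)))
    return findings


def summarize(findings):
    """Count findings per kind; feeds the debrief report's recommendations."""
    counts = {}
    for kind, _subject, _detail in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in reconcile(DOCUMENTED_INVENTORY, OBSERVED_SCAN):
        print(*finding)
    print(summarize(reconcile(DOCUMENTED_INVENTORY, OBSERVED_SCAN)))
```

Each finding is a concrete "fact we believed but had not tested", which is exactly what the debrief report and its recommendations should record.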

  21. Live Exercises
     Method: Real-time environment exercises on test or production hardware. Can be run as White team v Blue team or Red team v Blue team.
     Requirements
     ● Two teams of participants
     ● Production or test environment
     ● Defined expectations and boundaries
     ● Means of note taking and sharing at debrief
     Use Cases
     ● Reinforcing human behavior
     ● Testing tools and software
     ● Evaluating hardware
     ● Finding wrong assumptions

  22. Designing an Exercise
     ● Choose something to test that fits with the purpose/focus of your organization's security program.
     ● Choose a type of exercise based on your resources and what you want to test.
     ● Write an outline of the exercise (tabletop/live) or develop a methodology for evaluative exercises.
     For tabletop scenarios, decide how you will present information to the participants and get them thinking critically.
     For live scenarios, think about how you can focus the objectives around the systems and assumptions you want to test.

  23. Running an Exercise
     ● Communicate the time and place of your exercise to participants (if any) ahead of time.
     ● Set a scope for the exercise, and define success/fail states to participants at the start.
     ● Provide resources.
     • Take extensive notes during the exercise; ask participants to document their thoughts and reactions as well.
     • Solicit feedback from participants.
     • Iterate on your execution: document successes and failures.

  24. Learning from an Exercise
     ● Conduct a debrief of the exercise as soon as possible in order to gather information as accurately as possible.
     ● Generate a report defining what was done, how, and the outcomes of the exercise.
     ● Make recommendations to address failures or obstacles encountered while running the exercise.
     • Revisit previous exercises to ensure issues are being addressed and documented.
     • Repeat failed exercises after an interval to test the effectiveness of changes.

  25. For More Information
     List of example exercises: http://go.iu.edu/2heq

  26. Poll: Which additional security exercise webinars might you attend?

  27. Q & A

  28. Visit the ResearchSOC website: https://researchsoc.iu.edu/
     Subscribe to the ResearchSOC announcements list: https://researchsoc.iu.edu/contact/index.html
     Read the ResearchSOC Blog: https://blogs.iu.edu/researchsoc/
     Join our Community of Practice: https://ask.cyberinfrastructure.org/c/rsoc
     Follow ResearchSOC on Twitter @IUResearchSOC

  29. Webinars:
     How to secure SCADA/ICS systems: 10 strategies that work - February 20, 2020 3pm EST
     How to select and use operational cybersecurity metrics to make cybersecurity operations more effective - March 19, 2020 3pm EST
     https://researchsoc.iu.edu/webinars
     Conferences:
     Internet2 - March 29-April 1
     Educause SPC - April 21-23
     PEARC - July 26-30

  30. Thank you!
     Josh Drake, drakejc@iu.edu, researchsoc.iu.edu
     Additional Resources: Presentation adapted from the "Security Exercises" article by Susan Sons, linuxjournal.com (Nov 2016): http://go.iu.edu/2c10
     We thank the National Science Foundation (grant 1840034) for supporting our work. The views and conclusions herein are those of the author and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the NSF.
