2010 SC World Congress NYC

Data Protection Strategy Bob Maley, CEO, Strategic CISO & former CISO, State of Pennsylvania

Upload: bob-maley

Post on 18-Feb-2017


TRANSCRIPT

Data Protection Strategy

Bob Maley, CEO, Strategic CISO & former CISO, State of Pennsylvania

Cyber Protection Strategy

StrategicCISO.com

Tactical or Strategic?

Vendor driven or business driven

Reactive or proactive

The trouble is that criminals seem to be able to stay one step ahead, and the law-abiding have to spend too much time trying to catch up. – Nigel Phair, Cybercrime: The Reality of the Threat, page 178


Securing Endpoints?


Data wants to be free

What are your endpoints?

Data classification

It’s what you don’t know you don’t know that gets you

Email

Business Processes

Data transfers

It’s in the cloud already


Google

Amazon Web Services

Security Trends – Current View


Endpoint Suites, Network UTM, Application Security, Vulnerability Management, [Other Point Products]

Security Information and Event Management

• Alerts • Log Mgt • Event Correlation • Compliance Certification

Governance Risk and Compliance

• User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting

Scanning (web and/or network) products identify potential weaknesses

– Data overload including false positives/negatives – not most critical threats

– Does not prove exploitability, limited-view point solution, single vector

IT-GRC gathers information to aggregate and report

– Mostly used for higher-level policy and governance with little “R”

SIEM aggregates real data, dash-boarding, drill-down, etc.

– SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell you if your defenses are working

– Operational data, not situational. Just incidents or log data from past events

Security Risk Mgmt is a simulator/model

– Correlates scanned, imported and entered data to infer the highest-risk vulnerabilities, doesn’t do actual testing

– Network only and works on models vs. a real test of the security

DLP detects and prevents transmission of confidential information

To date, the critical challenge of how to provide insight into actual risks across multiple layers of infrastructure still remains!
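The DLP line above names the control but not the decision it has to make on every outbound message, and the scanner critique on the same slide names the cost of getting it wrong: data overload from false positives. The following Python check is an added example, not code from the deck or from any product it names. A regular expression picks out 13- to 19-digit candidates, a Luhn checksum discards most random digit runs (tracking and order numbers), a repeated-digit rule discards Luhn-valid placeholders such as all zeros, and each message gets an allow/block decision with the evidence masked to the last four digits so the alert record does not itself leak the number. The message bodies, the addresses and the 4111 1111 1111 1111 test PAN are constructed for the example.

```python
"""Outbound content check for payment card numbers (added example, constructed data)."""
import re
from typing import Dict, List

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer digit run (a 20-digit serial is not a card).
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return Luhn-valid candidate PANs in text, normalized to bare digits.

    Luhn removes most random digit runs (order and tracking numbers); the
    repeated-digit rule drops Luhn-valid placeholders such as all zeros.
    """
    hits = []
    for match in PAN_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits) and len(set(digits)) > 1:
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep only the last four digits so the alert itself is not a leak."""
    return "*" * (len(pan) - 4) + pan[-4:]


def inspect_outbound(messages: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Allow or block each message; evidence is masked for the SIEM/GRC record."""
    decisions = []
    for msg in messages:
        pans = find_card_numbers(msg["body"])
        decisions.append({
            "to": msg["to"],
            "action": "block" if pans else "allow",
            "evidence": [mask(p) for p in pans],
        })
    return decisions


# Constructed sample messages; 4111 1111 1111 1111 is a well-known test PAN, not a live card.
SAMPLE_MESSAGES = [
    {"to": "vendor@example.com",
     "body": "Please charge card 4111 1111 1111 1111 exp 12/12 for the renewal."},
    {"to": "logistics@example.com",
     "body": "Shipment tracking number 1234567890123456 left the dock at 09:40."},
    {"to": "devteam@example.com",
     "body": "Use placeholder 0000 0000 0000 0000 in the test fixture."},
    {"to": "hr@example.com",
     "body": "Call me on 717-555-0100 about the policy review."},
]

if __name__ == "__main__":
    for decision in inspect_outbound(SAMPLE_MESSAGES):
        print(decision)
```

Run as-is, only the first message is blocked; the tracking number, the zero placeholder and the phone number all pass, which is the false-positive filtering the slide is asking for. A production filter would add issuer-prefix checks and context keywords, and the same find and mask functions would serve e-mail, web upload and file-transfer paths alike, since the slide's point is that the data is already moving over all of them.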

Security – Future View


Endpoint Suites, Network UTM, Application Security, Vulnerability Management, [Other Point Products]

IT Security Management

Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee

Comprehensive Security Test and Measurement

• Verify and Validate Security Controls • Measure Real-world Threat Readiness • Measure Security Effectiveness

Security Information and Event Management

• Alerts • Log Mgt • Event Correlation • Compliance Certification

Governance Risk and Compliance

• User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting

Cyber Strategy Musings

(WordPress)

The Key of Knowledge – Book 2

The second area of knowledge in this key is “Knowing your environment”.

By Extension – Know Your Strategy

Know your Strategy


Your Guide


What are your critical business assets?

Data / Asset Classification

You can’t protect everything

Focus on the most important assets

Key of Knowledge


Anti-Virus and Firewalls are not enough

Evaluate your existing controls


Compliance Checklists are not enough

Network Solutions was PCI compliant before breach

Angela Moscaritolo, July 27, 2009

Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information.

http://www.scmagazineus.com/network-solutions-was-pci-compliant-before-breach/article/140642/

Evaluate your existing controls


Layered Security – The Castle Model

Evaluate your existing controls


The Symantec Global Internet Threat Report, which covers trends in 2009, says attackers are aggressively targeting employees' social networking profiles to help target key personnel inside targeted companies. Meanwhile, Web-based attacks targeting PDF viewers accounted for half of all Web-based attacks last year, up from 11 percent in 2008.

And malware creation increased thanks to more automated tools, according to Symantec, which says it identified more than 240 million new malware programs last year, a 100 percent increase over 2008.

Understand the threat

Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent

New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009

Apr 20, 2010, by Kelly Jackson Higgins, DarkReading

http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224500064

Insider Threats

Understand the threat


U.S. government agencies have been bracing for a deluge of thousands more classified documents since the leak of helicopter cockpit video of a 2007 firefight in Baghdad. That was blamed on a U.S. Army intelligence analyst, Spc. Bradley Manning, 22, of Potomac, Md. He was charged with releasing classified information this month. Manning had bragged online that he downloaded 260,000 classified U.S. cables and transmitted them to Wikileaks.org.

Officials Scramble to Review Emerging Afghan War Documents for 'Damage', published July 26, 2010, FoxNews.com

http://www.foxnews.com/politics/2010/07/26/damage-control-leak-afghan-war-docs/

Understand the Threat


Know your threat matrix

Understand the threat


Determine your organization’s risk tolerance

Know your vulnerabilities

Understand how the threats apply

Develop your Risk Strategy

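The bullets on this slide and the asset-classification slide before it are steps of one procedure: classify assets, map the threat matrix onto them, let known vulnerabilities adjust likelihood, and compare the result with a stated tolerance. As an added example, not the speaker's own method or tooling, the Python below carries that through on a constructed inventory: impact comes from the data classification, a threat applies to an asset only through an exposure the asset actually has, a severe known vulnerability on that path raises likelihood one notch, and anything above the organization's tolerance is marked for treatment. The assets, threats, scoring scales and the tolerance value of 12 are all assumptions made for the example.

```python
"""Risk register: classification-driven impact x threat likelihood (added example)."""
from dataclasses import dataclass
from typing import Dict, List

# Impact from data/asset classification, 1 (public) to 5 (restricted). Constructed scale.
IMPACT_BY_CLASS = {"public": 1, "internal": 2, "confidential": 4, "restricted": 5}


@dataclass
class Asset:
    name: str
    classification: str
    # exposure -> worst known vulnerability severity (1-5) on that path; 0 = none known
    exposures: Dict[str, int]


@dataclass
class Threat:
    name: str
    base_likelihood: int  # 1-5, from the threat matrix
    requires: str         # exposure the threat needs in order to apply to an asset


def likelihood(threat: Threat, asset: Asset) -> int:
    """A threat only applies through an exposure the asset actually has; a severe
    known vulnerability on that path raises the likelihood one notch (capped at 5)."""
    if threat.requires not in asset.exposures:
        return 0
    bump = 1 if asset.exposures[threat.requires] >= 4 else 0
    return min(5, threat.base_likelihood + bump)


def build_register(assets: List[Asset], threats: List[Threat]) -> List[dict]:
    """One row per applicable (asset, threat) pair, highest risk first."""
    rows = []
    for asset in assets:
        impact = IMPACT_BY_CLASS[asset.classification]
        for threat in threats:
            lik = likelihood(threat, asset)
            if lik == 0:
                continue  # threat does not apply to this asset
            rows.append({"asset": asset.name, "threat": threat.name,
                         "impact": impact, "likelihood": lik, "risk": impact * lik})
    rows.sort(key=lambda r: (-r["risk"], r["asset"], r["threat"]))
    return rows


def apply_tolerance(register: List[dict], tolerance: int) -> List[dict]:
    """Rows above the organization's tolerance get treated; the rest are accepted."""
    for row in register:
        row["treatment"] = "treat" if row["risk"] > tolerance else "accept"
    return register


# Constructed inventory and threat matrix, for illustration only.
ASSETS = [
    Asset("tax-records-db", "restricted", {"internal_network": 4, "removable_media": 0}),
    Asset("public-website", "public", {"internet_facing": 5}),
    Asset("hr-mailbox", "confidential", {"email": 2, "internet_facing": 0}),
]
THREATS = [
    Threat("web-app-exploit", 4, "internet_facing"),
    Threat("phishing", 4, "email"),
    Threat("insider-exfil", 2, "removable_media"),
    Threat("lateral-movement", 3, "internal_network"),
]
RISK_TOLERANCE = 12  # constructed threshold on the 1-25 impact x likelihood scale

if __name__ == "__main__":
    for row in apply_tolerance(build_register(ASSETS, THREATS), RISK_TOLERANCE):
        print(row)
```

Run as-is, the top of the register is the restricted database reached by lateral movement (risk 20), while the public website carrying the single worst scanner finding (severity 5) ranks last at 5, because a public asset has little impact to lose. That ordering is the point of the earlier slides: a scanner's most severe finding is not necessarily the most critical threat, and what gets treated follows from classification and tolerance rather than from the vulnerability list alone.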

Compliance requirements

Protect your valuable data

Put systems in place that protect your data as it moves

Proactive intelligence on your environment

Discover your real vulnerabilities

Break the malware cycle

Develop your protection Strategy

The barbarians will get in


Operationalize Security

Use Managed Services / Cloud Services where practicable

Use automated systems

Understand the overhead


Complexity can break security


Be an enabler of business

Connect to your Enterprise Risk Management

Show how it affects the bottom line

Understand your organization’s business need


Response and remediation

Robust Incident Response Plan

Respond, not react

Don’t merely remediate

Execute


Real time Protection

Find the barbarians that get past the gate

New Technologies

Execute


Execute - Test


Col. John Boyd’s OODA Loop

Evaluate


Metrics

INCREASING CYBER-SITUATIONAL AWARENESS VIA ENTERPRISE METRICS

Core Security Technologies Blog

Today’s ferocious cybersecurity environment is dynamic. One of the challenges that organizations, both public and private sector, have encountered in attempting to mature their IT security and risk management plans has been a lack of methods to calculate truly relevant metrics that would allow for them to better understand and benchmark their security standing over time.

http://blog.coresecurity.com/2010/04/29/increasing-cyber-situational-awareness-via-enterprise-level-metrics/

Evaluate

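The Core Security post quoted above says organizations lack methods to calculate metrics that benchmark security standing over time, and the slide asks for metrics without naming any. As an added example, not from the deck or from the blog, the Python below derives a handful of remediation metrics from a findings list at successive month ends: findings still open, open findings already past their severity SLA, mean time to remediate for what closed that month, and the share of those closures that met SLA. Month-end snapshots are what make the figures comparable from one period to the next. The findings, dates and SLA days are constructed for the example.

```python
"""Monthly vulnerability-remediation metrics from a findings list (added example)."""
from collections import namedtuple
from datetime import date, timedelta
from typing import List, Tuple

Finding = namedtuple("Finding", "id severity opened closed")

# Remediation SLA in days per severity; constructed policy values.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed findings (not real scan data); closed=None means still open.
FINDINGS = [
    Finding("F-1", "high", date(2010, 1, 5), date(2010, 1, 20)),
    Finding("F-2", "critical", date(2010, 1, 12), date(2010, 2, 3)),
    Finding("F-3", "medium", date(2010, 1, 15), None),
    Finding("F-4", "high", date(2010, 2, 2), date(2010, 2, 12)),
    Finding("F-5", "critical", date(2010, 2, 20), date(2010, 3, 25)),
    Finding("F-6", "high", date(2010, 3, 1), None),
    Finding("F-7", "low", date(2010, 3, 3), date(2010, 3, 5)),
    Finding("F-8", "medium", date(2010, 3, 10), None),
]


def month_end(year: int, month: int) -> date:
    """Last calendar day of the given month."""
    first_of_next = date(year + (month == 12), month % 12 + 1, 1)
    return first_of_next - timedelta(days=1)


def snapshot(findings: List[Finding], as_of: date) -> dict:
    """Metrics as they stood at the end of the day as_of (a month end)."""
    open_items = [f for f in findings
                  if f.opened <= as_of and (f.closed is None or f.closed > as_of)]
    closed_this_month = [f for f in findings if f.closed is not None
                         and (f.closed.year, f.closed.month) == (as_of.year, as_of.month)]
    # Open findings whose age already exceeds the SLA for their severity.
    past_sla = [f for f in open_items if (as_of - f.opened).days > SLA_DAYS[f.severity]]
    time_to_remediate = [(f.closed - f.opened).days for f in closed_this_month]
    within_sla = [days <= SLA_DAYS[f.severity]
                  for f, days in zip(closed_this_month, time_to_remediate)]
    return {
        "as_of": as_of.isoformat(),
        "open": len(open_items),
        "open_past_sla": len(past_sla),
        "mttr_days": (round(sum(time_to_remediate) / len(time_to_remediate), 1)
                      if time_to_remediate else None),
        "pct_closed_within_sla": (round(100 * sum(within_sla) / len(within_sla))
                                  if within_sla else None),
    }


def monthly_snapshots(findings: List[Finding], months: List[Tuple[int, int]]) -> List[dict]:
    """One snapshot per (year, month), taken at that month's last day."""
    return [snapshot(findings, month_end(y, m)) for y, m in months]


if __name__ == "__main__":
    for snap in monthly_snapshots(FINDINGS, [(2010, 1), (2010, 2), (2010, 3)]):
        print(snap)
```

Over the three constructed months, open findings past SLA fall from 1 to 0 while mean time to remediate rises from 15 to 17.5 days; read together they say the backlog is being cleared, but slowly, which is the kind of trend a single point-in-time dashboard does not show. The same snapshot function run against next quarter's findings gives a number that can be benchmarked against this one.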

The Future of Data Protection


Contact Information

[email protected]

Questions