SESSION ID:

#RSAC

Gabriel Bassett

BUILDING A DATA DRIVEN SECURITY STRATEGY

STR-R02

Senior Information Security Data ScientistVerizon, Data Breach Investigations Report@gdbassett

# R S AC

Agenda

1. Organization2. Strategy3. Measure4. Data Driven Security Strategy5. Example Strategies6. Example Walkthrough7. Application and Conclusion

#RSAC

WHAT IS A STRATEGY?

# R S AC

6

VMOSA

V • Vision

M • Mission

O • Objectives

S • Strategy

A • Action Plans

By Denis Fadeev - Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=32967868

Security

Organizatio

n

Hand

off

# R S AC

7

SWOT Analysis

By Xhienne (SWOT pt.svg) [CC BY-SA 2.5 (https://creativecommons.org/licenses/by-sa/2.5)], via Wikimedia Commons

V • Vision

M • Mission

O • Objectives

S • Strategy

A • Action Plans

Hand

off

#RSAC

STRATEGY: THE ART OF DEVISING OR EMPLOYING (ACTION) PLANS OR STRATAGEMS TOWARD A GOAL (OBJECTIVE)https://www.merriam-webster.com/dictionary/strategy

8

#RSAC

STRATEGY IS HOW YOU CHOOSE PLANS TO MEET YOUR OBJECTIVES

9

# R S AC

Risk Based Strategy

#RSAC

DATA DRIVEN SECURITY STRATEGY

# R S AC

12

Measures1. What is my

desired outcome?

2. Why is it the right outcome?

3. How do I know the measure predicts this outcome?

# R S AC

Action Plan(VMOSA)

Measures

Observations in context of desired Outcome• VMOSA• Factor from SWOT

Strategy(VMOSA)

# R S AC

Action Plan(VMOSA)

Measures

Observations in context of desired Outcome• VMOSA• Factor from SWOT

Strategy(VMOSA)

# R S AC

http://blog.friendlyplanet.com/2012/02/fridays-friendly-funny-which-wall-of.html

#RSAC

EXAMPLE STRATEGIES

# R S AC

Strategy: Reactive

# R S AC

18Victor Paul (CC BY 2.0) (https://www.flickr.com/photos/victor_paul/8022836740/)

Strategy: Support Infosec Ops

# R S AC

TimVickers (Own work) [Public domain], https://upload.wikimedia.org/wikipedia/commons/7/71/Alligator_mississippiensis_%282%29%2C.jpg

Strategy: Economic Engineering

# R S AC

Strategy: Reduce Infosec Risk

# R S AC

By Pets Adviser from Brooklyn, USA [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons)

Strategy: Compliance

# R S AC

By Astris1 (Own work) [CC BY-SA 3.0 (https://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons

Strategy-ish: NIST Framework

#RSAC

STRATEGY WALKTHROUGH

Economic Engineering Strategy

# R S AC

http://dbir-attack-graph.infos.ec

# R S AC

Measure risks

Actions and Attributes to Mitigate

PhishingSoftware

InstallationFootprinting

Web Drive-by

Use of Stolen Creds

Phishing

Software Installation

Footprinting

Web Drive-by

Use of stolen credentials

# R S AC

Map Risks to Plans

Actions and Attributes to Mitigate Action Plans or Controls to employPhishing

Software Installation

Footprinting

Web Drive-by

Use of stolen credentials

User Behavioral Analytics

OS & App Sandboxing

DOTMLPF-P

# R S AC

Map Plans to Risks

27

User Behavior AnalyticsAlter Behavior

Privilege Abuse

Illicit Content

Unapproved Workaround

Abuse of Functionality

Use of Stolen Creds or Brute force

OS and App SandboxingPhishing

MalwareWeb Drive-by

Hacking (other then credential use)Footprinting

Software installation

# R S AC

Quantified Improvements

28

#RSAC

DOING SOMETHING

# R S AC

Next Week

# R S AC

Next Month

# R S AC

https://pics-about-space.com/future-space-station-wallpaper?p=1

The Future

#RSAC

QUESTIONS?

gabriel.bassett@verizon.comTwitter: @gdbassett

#RSAC

BACKUP