CYBER SECURITY INTELLIGENCE LIFECYCLE (CSIL) METHODOLOGY (dataprise.com)

Posted 10-Jul-2018

Page 1

CYBER SECURITY INTELLIGENCE LIFECYCLE (CSIL) METHODOLOGY

ASSESS · RESPOND · PROTECT · DETECT

dataprise.com

Page 2

ASSESS

- Security Gap Assessment: A holistic assessment of your business environment, including stakeholder interviews, vulnerability scans, a preliminary risk assessment questionnaire, PII scans, Active Directory audits, baseline and target-state scoring, and a roadmap to achieve security program goals.

- Vulnerability Assessment: Vulnerability scanning and analysis of your external perimeter and internal network, including a best-practice device configuration review and remediation recommendations.

- Information Security Policy Analysis & Creation: During this assessment we identify information security policy gaps and needs based on best practice and regulatory/compliance/industry requirements. We then work with your internal decision makers to craft an Information Security Policy that aligns with the overall business objectives and goals.

- Hardware/Software Inventory Assessment: In order to properly protect your data assets, you must first know what you have and where it is located. During the HW/SW Inventory Assessment, we identify which equipment and applications are currently in your environment so that you can make better-informed decisions based on knowledge of what you have.

- Preliminary Security Risk Assessment: A baseline risk assessment questionnaire that allows us to gauge and analyze the organization's approach to information security risks and to make recommendations based on the responses.

- PCI Compliance Baseline Analysis: This analysis is based on network scans customized toward specific compliance goals (e.g., PCI, HIPAA, ISO). The scans are then analyzed by trained security professionals, any gaps in compliance are identified, and remediation is planned.

- Data Classification Schema: To apply the proper protection to your data, you need to do so based on the criticality and sensitivity of the data assets. During the Data Classification project, we help you identify the impact levels and sensitivity of your data assets and develop a plan to layer your defenses so that the most sensitive data remains secured with controls commensurate to its classification level.

- Personally Identifiable Information (PII) Scan: We run scans of your network environment (e.g., servers, workstations) looking specifically for unencrypted PII (e.g., social security numbers, credit card information, addresses, bank information), and then assign a quantifiable value to each piece of information in order to show the potential impact if the asset were lost or stolen.
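The PII Scan item above describes a technique (look for unencrypted identifiers, then attach a quantifiable impact value to each hit) without showing how the false positives are kept down. The following is an added example, not Dataprise's scanner: it applies validity checks (SSN area/group/serial rules, the Luhn checksum for card numbers, the ABA routing checksum for bank records) before counting a hit, stores only a masked value in the report, and sums per-record weights into an impact score. The weights, the `RTN=/ACCT=` record layout and the sample text are all constructed for this example.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Assumption: illustrative per-record impact weights in arbitrary units.
# A real engagement would derive them from breach-cost data and data classification.
IMPACT_WEIGHTS = {"ssn": 10, "card": 8, "bank_account": 6}

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 13-19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed payroll record layout: routing number followed by account number
BANK_RE = re.compile(r"\bRTN[:=]\s*(\d{9})\s+ACCT[:=]\s*(\d{6,17})\b")


@dataclass(frozen=True)
class Finding:
    kind: str
    line_no: int
    masked: str  # the report never carries the raw value


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"


def aba_valid(rtn: str) -> bool:
    """ABA routing number checksum: weights 3,7,1 repeated, total mod 10 == 0."""
    weights = (3, 7, 1, 3, 7, 1, 3, 7, 1)
    return sum(int(c) * w for c, w in zip(rtn, weights)) % 10 == 0


def mask(value: str) -> str:
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text: str) -> list[Finding]:
    """Scan text line by line, keeping only hits that pass the validity checks."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            if ssn_plausible(*m.groups()):
                findings.append(Finding("ssn", line_no, mask(m.group(0))))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if luhn_valid(digits):
                findings.append(Finding("card", line_no, mask(digits)))
        for m in BANK_RE.finditer(line):
            if aba_valid(m.group(1)):
                findings.append(Finding("bank_account", line_no, mask(m.group(2))))
    return findings


def impact_score(findings: list[Finding]) -> int:
    """Quantifiable value of the exposed records: sum of per-kind weights."""
    return sum(IMPACT_WEIGHTS[f.kind] for f in findings)


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


# Constructed sample file. 4111 1111 1111 1111 is a standard test card number;
# 123456780 is a made-up routing number chosen to pass the ABA checksum.
SAMPLE = """\
employee_id=1042 name=J. Doe ssn=123-45-6789
test_record ssn=000-12-3456 (placeholder, not a real SSN)
order#7781 card=4111 1111 1111 1111 exp=12/26
order#7782 card=4111111111111112 exp=01/27
payroll RTN=123456780 ACCT=000123456789
support ticket: customer phone 301-555-0100
"""

if __name__ == "__main__":
    found = scan_text(SAMPLE)
    for f in found:
        print(f"line {f.line_no}: {f.kind} {f.masked}")
    print("summary:", summarize(found), "impact score:", impact_score(found))
```

Lines 2, 4 and 6 of the sample contain things that look like PII but fail the checks (an unissuable SSN, a card number with a bad Luhn digit, a phone number), so the report lists only the three genuine records and scores them at 24. Addresses, which the brochure also names, need a dictionary or NLP approach and are deliberately left out here.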

ASSESS SOLUTIONS

vCISO: Your strategic guide to Security Program Development and Management within your organization throughout all of the stages. From Strategic Business Alignment to Risk Management to Value Delivery, we work with you and your business to create a customized Security Program tailored to your specific needs.


Page 3

PROTECT

- Anti-Virus: Adding anti-virus software to workstations and servers is one way to layer our defenses against malicious code.

- Security Awareness Training: Custom email campaigns designed to test internal users, or customized end-user training and awareness campaigns delivered through a variety of mediums, including computer-based training (CBT), an on-site trainer with slides, end-user testing, etc.

- Firewall/FaaS: Firewall and Firewall-as-a-Service (FaaS) is the idea of using a firewall device at the edge of your network to better secure your perimeter from would-be attackers.

- Windows/Operating System Patching: To better secure your operating system environment, best practice strongly recommends ensuring timely updates of Windows and other operating systems as new patches are published.

- Phishing Campaigns: Custom email campaigns designed to test internal users' resilience to phishing techniques and to provide additional awareness training to users in a safe and results-driven environment.

- Next Generation Endpoint Security (Malware/APT) Detection: Traditional anti-virus relies on virus signatures, making it difficult to identify some of the newer malware and threats that are designed to 'outsmart' traditional anti-virus. Enter next-generation endpoint security, which takes a behavioral approach to malware detection and is able to detect the newer threats in real time.

- Offsite Backups: The last line of defense in the ability to ultimately recover successfully from a disaster relies on your ability to restore your data backups. The preferred method is to have the backup data stored at a separate offsite facility to ensure the data is not susceptible to the same type of disaster that impacted your corporate environment.

- Application Whitelisting: Application whitelisting is a common way to ensure that only 'approved' applications are running within your corporate network by allowing only whitelisted applications to be downloaded and installed. This prevents the spread of "rogue" software within your environment.

- Security Information and Event Management (SIEM) Tool: A tool that provides centralized log management and correlation from multiple systems and assets within an organization for increased network visibility, and sends the data to qualified Security Analysts for review and analysis.

- Security Operations Center (SOC) Services: Our team of Security Analysts in the SOC perform real-time analysis and verification of log and network traffic to validate alarms and follow the appropriate incident response procedures in the event of an incident.

PROTECT SOLUTIONS

vCISO: see ASSESS SOLUTIONS above.

Page 4

DETECT

Unified Security Management (USM): USM is a complete suite of detection tools and processes to ensure that you have the ability to detect threats through multiple entry points in real time. Some of the components of a USM solution include:

- Security Information and Event Management (SIEM) tool: A tool that provides centralized log management and correlation from multiple systems and assets within an organization for increased network visibility, and sends the data to qualified Security Analysts for review and analysis.

- Security Operations Center (SOC) Services: Our team of Security Analysts in the SOC perform real-time analysis and verification of log and network traffic to validate alarms and follow the appropriate incident response procedures in the event of an incident.

- Behavioral Analytics and Anomaly Detection: Through a deep understanding of how devices typically operate with one another, we are able to develop better automated anomaly detection algorithms that recognize when 'strange' behavior is occurring.

- Intrusion Detection System (IDS) and Host-Based Intrusion Detection System (HIDS): As the name implies, IDS and HIDS are designed to send log and alarm information in the event that they detect an intrusion. This alarm is then routed to the Security Operations Center (SOC) for review and validation.

- Periodic Security Log Review: This type of review is performed either manually or through the use of automated log correlation tools (e.g., SIEM). Trained security experts review the log data looking for trends and potential intrusions.
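The SIEM, Behavioral Analytics and Periodic Security Log Review items above all rest on the same mechanism: normalise events from several sources, correlate them, and compare activity against a baseline. The following added example (not Dataprise's or AlienVault's USM code) shows that mechanism on two constructed log formats, an authentication log and an IDS alert feed: a correlation rule raises an alarm when a burst of failed logins from one source address is followed by a success from that address, attaches any IDS alert from the same address as corroboration, and a simple z-score baseline flags hours whose login volume is unusual. The log formats, the signature name and the sample lines are constructed; the IPs are from the RFC 5737 documentation ranges.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Two constructed log formats normalised into one event shape. Timestamps are ISO 8601.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|SUCCESS) login user=(?P<user>\S+) src=(?P<ip>[\d.]+)$"
)
IDS_RE = re.compile(r"^(?P<ts>\S+) ids: alert sig=(?P<sig>\S+) src=(?P<ip>[\d.]+)$")


def parse(lines):
    """Normalise both formats into dicts with common ts/src/ip keys, sorted by time."""
    events = []
    for line in lines:
        if m := AUTH_RE.match(line):
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": "auth",
                           "ip": m["ip"], "user": m["user"], "result": m["result"]})
        elif m := IDS_RE.match(line):
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": "ids",
                           "ip": m["ip"], "sig": m["sig"]})
        # Lines matching neither format are dropped; a real pipeline would count them.
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=5, window=timedelta(minutes=10)):
    """Rule: at least `threshold` failed logins from one IP inside `window`, then a
    success from that IP. IDS alerts from the same IP inside the window are attached
    as corroborating evidence, which is the cross-source value of a SIEM."""
    failures = defaultdict(list)   # ip -> failure timestamps
    ids_hits = defaultdict(list)   # ip -> (timestamp, signature)
    alarms = []
    for e in events:
        ip = e["ip"]
        if e["src"] == "ids":
            ids_hits[ip].append((e["ts"], e["sig"]))
        elif e["result"] == "FAILED":
            failures[ip].append(e["ts"])
        else:  # SUCCESS
            recent = [t for t in failures[ip] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alarms.append({
                    "rule": "bruteforce_then_success",
                    "ip": ip, "user": e["user"], "ts": e["ts"],
                    "failures": len(recent),
                    "ids_signatures": sorted({s for t, s in ids_hits[ip] if e["ts"] - t <= window}),
                })
    return alarms


def anomalous_hours(events, z=1.5):
    """Flag hours whose auth-event count exceeds mean + z * stdev over all hours.
    With a handful of hours this baseline is crude; a production model would learn
    it from weeks of data, per user and per host."""
    per_hour = defaultdict(int)
    for e in events:
        if e["src"] == "auth":
            per_hour[e["ts"].replace(minute=0, second=0, microsecond=0)] += 1
    counts = list(per_hour.values())
    if len(counts) < 2:
        return []
    cutoff = statistics.mean(counts) + z * statistics.pstdev(counts)
    return sorted(h for h, n in per_hour.items() if n > cutoff)


# Constructed sample: a burst of failures against "admin" from 203.0.113.9 followed
# by a success, corroborated by an IDS alert whose signature name is made up here,
# plus ordinary background logins (including one user's single typo).
SAMPLE_LINES = [
    "2018-07-10T08:10:00 auth: SUCCESS login user=alice src=198.51.100.7",
    "2018-07-10T08:40:00 auth: SUCCESS login user=bob src=198.51.100.4",
] + [
    f"2018-07-10T09:0{i}:15 auth: FAILED login user=admin src=203.0.113.9" for i in range(6)
] + [
    "2018-07-10T09:05:40 ids: alert sig=constructed_ssh_bruteforce src=203.0.113.9",
    "2018-07-10T09:06:02 auth: SUCCESS login user=admin src=203.0.113.9",
    "2018-07-10T09:20:00 auth: FAILED login user=bob src=198.51.100.4",
    "2018-07-10T09:20:30 auth: SUCCESS login user=bob src=198.51.100.4",
    "2018-07-10T10:05:00 auth: SUCCESS login user=alice src=198.51.100.7",
    "2018-07-10T10:45:00 auth: SUCCESS login user=carol src=198.51.100.9",
    "2018-07-10T11:15:00 auth: SUCCESS login user=bob src=198.51.100.4",
    "2018-07-10T11:50:00 auth: SUCCESS login user=alice src=198.51.100.7",
]

if __name__ == "__main__":
    evs = parse(SAMPLE_LINES)
    for alarm in correlate(evs):
        print(alarm)
    print("anomalous hours:", anomalous_hours(evs))
```

Bob's single failed login followed by a success never reaches the threshold, so only the admin burst produces an alarm, and the 09:00 hour (nine auth events against a background of two per hour) is the only one the baseline flags. Both outputs are what a SOC analyst would validate before invoking incident response procedures.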

DETECT SOLUTIONS

vCISO: see ASSESS SOLUTIONS above.

Page 5

RESPOND

- Incident Remediation for Incident Response Team (IRT): When vulnerabilities are discovered or incidents have occurred, you need the right resources at the right time to assist in the remediation and recovery efforts.

- Business Impact Analysis (BIA): The process of analyzing an environment to determine and evaluate the potential effects of service interruption to critical business operations as a result of a disaster. The final deliverable details the potential impact of a disaster on core business functions.

- Business Continuity Planning (BCP): BCP is the process of understanding the threat landscape and potential risks facing an organization in order to ensure that personnel and assets are able to function in the event of a disaster. The deliverable is a strategic document to accomplish the above task.

- Disaster Recovery Planning (DRP): The process of defining requirements, creating a detailed recovery plan approved by senior management, and conducting ongoing testing and revision of the feasibility and acceptance of the plan itself.

- Vulnerability Remediation Activities: The act of using skilled security resources to remediate known vulnerabilities within an organization that have been uncovered through vulnerability scans or risk assessments. Closing these types of vulnerabilities is vital to hardening the security posture of an organization.

- Managed Remote Backup (MRB): Having consistent and timely backups of your critical infrastructure stored at an offsite facility is a great way to ensure that you are prepared to recover from almost any incident.

RESPOND SOLUTIONS

vCISO: see ASSESS SOLUTIONS above.

Page 6

List three assets critical to your business and a brief description of their importance.

In your estimation, what is the longest time period that your business could survive in the event of a complete disaster (no working systems or business processes)?

Can you name a specific place/asset within your organization where you are using layered defenses to enhance the protection?

In an ideal scenario, how long would it take your organization to detect a cyber incident?

ASSESS · RESPOND · PROTECT · DETECT

Page 7

MEET THE PRESENTERS

Charles Ames (Keynote) | Chief Information Security Officer, State of Maryland. Chuck Ames joined Maryland State Government as the Director of Cybersecurity in December 2015, after retiring from 29 years of service in the US Army. Chuck advises the Secretary of the Department of Information Technology on law, policy and pending or desired cyber legislation, on cyber education and workforce development, on cyber economic development and public awareness, on cyber operations and incident response, and on critical infrastructure protection.

Tim Foley | Sr. Manager of Information Security & Strategic Consulting at Dataprise. Tim Foley joined the Dataprise team in 2011. Tim has held a number of roles during his tenure at Dataprise, and currently serves as our Sr. Manager of Information Security & Strategic Consulting. He is a proven thought leader responsible for our team of Virtual CIOs and CISOs. He brings with him over 15 years of industry experience, with a focus on Information Security. Tim holds a number of professional certifications including CISSP, ITIL v3, SSBBP, and MCITP.

Sean Ferrara | Virtual Chief Information Security Officer (vCISO) at Dataprise. Sean Ferrara joined the Dataprise team in 2012. Over the past 3 years Sean has served in the vCIO capacity for a number of our clients, where he has leveraged industry best practices to align technology with a large variety of business goals. Sean now serves as a vCISO, where he is responsible for overseeing our clients' security strategies and ensuring compliance with regulatory and voluntary security standards.

LeeThomas Hagen | Security Operations Center (SOC) Lead at Dataprise. LeeThomas "LT" Hagen joined the Dataprise team in 2013 as a Network Consultant with a focus in Cybersecurity. LT is a dynamic, results-driven Cybersecurity Specialist with 10+ years of experience designing, integrating and maintaining robust environments. LT currently works as the Security Operations Center Lead for Dataprise.

Joe Schreiber | Director, Solutions Architecture at AlienVault. Joe Schreiber is the Director of Solutions Architecture with AlienVault and has worked with hundreds of MSSPs to help them deliver managed security services. Joe has been doing IT security since the days of dial-up, and prior to AlienVault he and his team built some of the world's largest SIEM systems while working at AT&T Managed Security Services.

ASSESS · RESPOND · PROTECT · DETECT