Upload File

organizing for resilient operational response

10
Click to edit Master text styles Second level Third level Fourth level Fifth level Global Security Strategy and Diplomacy Trustworthy Computing Organizing for Resilient Organizing for Resilient Operational Response Operational Response Jerry Cochran, CISSP, CISM Director [email protected]

Upload: others

Post on 10-Apr-2022

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

Organizing for Resilient Organizing for Resilient Operational ResponseOperational Response

Jerry Cochran, CISSP, [email protected]

Page 2: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

Security Ecosystem TrendsSecurity Ecosystem TrendsHorizontal Integration Horizontal Integration

Page 3: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

SoftwareVendor

BotnetHerder

ReverseEngineer

PayloadCoder

POCCoder

MalwareCoder

IDS/AVExpert

BugMiner

ExploitWriter

ActorsUnderstand decision making processEngage all segmentsFollow the “herds”

TechnologyIdentify attack & research trendsExtinguish classes of issues

EconomicsPromote legitimate business modelsChange the Equation:

Increase the cost of malicious activitiesReduce malicious actor ROI

Security Response InteractionsSecurity Response Interactions

Page 4: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

Diverse Response EcosystemDiverse Response Ecosystem

Microsoft Microsoft Security Security

ResponseResponse

Law Law EnforcementEnforcement

Security Security ResearchersResearchers

Security Security VendorsVendors

CERTsCERTs

Microsoft Microsoft Product Product GroupsGroups

Microsoft Microsoft FieldField

Press & Press & AnalystsAnalysts

Microsoft Microsoft PartnersPartners

Microsoft Microsoft CustomersCustomers

Government Government AgenciesAgencies

Page 5: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

Responding to a Security Incident Responding to a Security Incident Microsoft Software Security Incident Response PlanMicrosoft Software Security Incident Response Plan

WatchWatch

Observe Observe environment to environment to detect any potential detect any potential issuesissues

Leverage existing Leverage existing relationships with:relationships with:

PartnersPartnersSecurity Security

researchers researchers and findersand finders

Monitor customer Monitor customer requests and press requests and press inquiriesinquiries

AlertAlertand and

MobilizeMobilize

Convene and Convene and evaluate severityevaluate severity

Mobilize security Mobilize security response teams and response teams and support groups into support groups into two main groups:two main groups:

Emergency Emergency Engineering TeamEngineering Team

Emergency Emergency Communications Communications TeamTeam

Start monitoring Start monitoring WW press interest WW press interest and customer support and customer support lines for this issuelines for this issue

AssessAssessandand

StabilizeStabilize

Assess the Assess the situation and the situation and the technical technical information information availableavailable

Start workingStart workingon solutionon solution

Communicate Communicate initial guidance and initial guidance and workarounds to workarounds to customers, partners customers, partners and pressand press

Notify and inform Notify and inform Microsoft sales and Microsoft sales and support fieldsupport field

ResolveResolve

Provide information Provide information and tools to restore and tools to restore normal operationsnormal operations

Appropriate solution Appropriate solution is provided to is provided to customers, such as a customers, such as a security update, tool security update, tool or fixor fix

Conduct internal Conduct internal process reviews process reviews and gather and gather lessons learnedlessons learned

Page 6: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

Microsoft Response Program Microsoft Response Program AreasAreas

Community‐based defense – Microsoft Active Protection Program 

Rapid response communications – SCPCert

Defensive security knowledge – Exploitability Index

Isolate malicious software – MS Vulnerability Research

Support of worldwide law enforcement and legislatures

Page 7: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

Coordinating MultiCoordinating Multi--vendor vendor response response

International Consortium for Advancement of Security International Consortium for Advancement of Security on the Internet (ICASI)on the Internet (ICASI)

Drive excellence and innovation in security response practices; and Enable ICASI collaboration to proactively analyze, mitigate, and resolve multi-vendor, global security challenges

Five Industry Members: Cisco, IBM, Intel, Juniper, MicrosoftOperational Response Coordination

Unified Security Incident Response Plan

www.icasi.org

Page 8: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

A Security and Resiliency A Security and Resiliency ContinuumContinuum

Page 9: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing

Resilient Operational FrameworkResilient Operational Framework

Page 10: Organizing for Resilient Operational Response

Click to edit Master text styles– Second level

Third level– Fourth level

Fifth level

Global Security Strategy and DiplomacyTrustworthy Computing


Climate-Resilient Water Management: An operational ... · i LEARIG PAPER Climate-Resilient Water Management: An operational framework from South Asia Contents Acknowledgements ii

FP Resilient Rural Belize (Be-Resilient)

for building climate resilient health systems · iv Operational framework for building climate resilient health systems Acronyms and abbreviations COP Conference of the Parties DFID

Staying Resilient Shaping Growth€¦ · local market conditions • Maintain a well staggered tenancy profile • Maintain balanced mix of SUAs and MTBs • Improve operational efficiency

MANAGERS Planning Organizing Leading Controlling Strategic Tactical Operational Strategy Formulation Management Controls Task Control Detector AssessorEffectorCommunication

Organizing an MRC Unit: Operational Components and the

Operational Guidelines - agricoop.gov.inagricoop.gov.in/sites/default/files/NMSA_Guldelines_English.pdf · of crop-livestock farming systems and integrated ... resilient by promoting

Resilient Food Systems, Resilient Cities

Introduction - Amazon Web Servicesnsp-blurbs.s3-website-us-west-2.amazonaws.com/... · 2018. 5. 10. · Introduction 5 organizing that is resilient, that clearly it isn’t dependant

Data & Univariate Statistics Constants & Variables Operational Definitions Organizing and Presenting Data Tables & Figures Univariate Statistics typicality,

RESILIENT GRID OPERATIONAL STRATEGIES - Energy.gov Grid Operational... · in specific service areas. High winds and wind-driven storm surge are major hurricane hazards. Strong wind

for building climate resilient health systems...This document presents the World Health Organization (WHO) Operational framework for building climate resilient health systems. The

Annual Report 2010 - Berkana · 2010 offered great opportunities for those of us at Berkana to walk our talk about resilient, self-organizing systems. Since making the declaration

…FOR A RESILIENT FUTURE In 2016 we continued to focus on Petrofac’s core strengths, with a particular emphasis on operational excellence. …

RESILIENT INDUSTRY STUDY - Welcome to NYC.gov · Resilient Industry will create ma-terials summarizing targeted best operational and design practices for industrial businesses

RESILIENT BUSINESSES FOR RESILIENT NATIONS AND … · Resilient Businesses for Resilient Nations and Communities 1. Resilient businesses for a resilient Asia-Pacific 4 Foreword Disaster

[email protected], 1 Toward Systems With a Will to Live SORNS Self Organizing Resilient Network Sensing 3Mar2010 This project is sponsored by the Department

RESILIENT COASTLINES RESILIENT COMMUNITIES

Organizing self-organizing teams

Intelligence Preparation for Operational Resilience (IPOR) › asset_files › Special...1.4.3 Organizing Input and Analysis Steps 4 1.4.4 Framing Cyber Intelligence for Practical

Resilient Parent, Resilient Child

COVER STORY, PART 1 Resilient hospital design · 2020-06-04 · COVER STORY, PART 1 // RESILIENT HOSPITAL DESIGN pressure rooms with just a couple of operational changes.” Opened

How to Create Resilient Microservices With a PostgreSQL ...€¦ · Monolithic vs. Microservices Multiple Identities Operational Coupling Binary Coupling Synchronous Communication

pwc.co.uk Operational resilience · harder it is to visualise how operationally resilient they are from end-to-end. This makes it easier for serious operational vulnerabilities to

ORGANIZING RULES (OGR) - World Karate Federationwkf.net/pdf/wkf-organizing-rules.pdf · ORGANIZING RULES (OGR) WKF Organizing Rules 2 APPROVED 2010 ORGANIZING RULES (OGR) INDEX

Governing Operational Decisions in an Enterprise … · Chapter 4. Organizing decision management ... viii Governing Operational Decisions in an Enterprise ... 2 Governing Operational

Operational Troubleshooting-enabled …sanneck.net/research/publications/papers/140630603364910.pdfOperational Troubleshooting-enabled Coordination in Self-Organizing Networks Christoph

Resilient Los Angeles · Resilient Los Angeles

RESILIENT PEOPLE RESILIENT PLANETapi.ning.com/files/M6XhXO28glDy3hJB-uawILVzsbGNg3bV7znR... · 2017-05-27 · RESILIENT PEOPLE, RESILIENT PLANET: A FUTURE WORTH CHOOSING 4 Environment

Cyber resilient infrastructure - Atkinsexplore.atkinsglobal.com/cyber/Atkins_Cyber... · Cyber resilience by the numbers 08 Defence and security in the information age 10 Operational

A Resilient P2PArchitecture for Mobile Resource Sharing · management [1], heterogeneous resource sharing [2, 3] and mobileserviceprovisioning[4].P2Psystemsaimtoutilizeself-organizing

hapter 2 Local Self-Organizing in Resilient Systems · Local Self-Organizing in Resilient Systems Locally owned processing and marketing systems based on ecologically sound production

Hoboken Resilient Buildings Worksho phobokennj.gov/.../2012/...Presentation-Hoboken-Resilient-Buildings.pdf · Hoboken Resilient Buildings Workshop . ... •Resilient Building Design

Emerald Book Chapter: Organizing Derrida organizing ... · Emerald Book Chapter: Organizing Derrida organizing: Deconstruction ... Postmodernism and Organizational Analysis ... Organizing:

Operational Framework of Community Organizing Process