SANS Technology Institute - Candidate for Master of Science Degree: Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government DSD's 35 Mitigating Strategies
Ahmed Abdel-Aziz and Robert Sorensen, February 2012
SANS Technology Institute, M.Sc. in Information Security Engineering

Objective
Provide guidance that GIAC Enterprises can use to be in compliance with the most recognized information security frameworks:
- NIST SP 800 documents
- SANS' Consensus Audit Guidelines (CAG)
- Australian Government Defence Signals Directorate's (DSD) top 35 Strategies
...while looking for opportunities to automate controls and provide information back to management in a meaningful format.

SP 800, 20 Critical Controls, and DSD's 35 Mitigating Strategies
- Federal Information Security Management Act (FISMA), authorized by Title III of the E-Government Act
- National Institute of Standards and Technology (NIST) tasked to develop, document, and implement security standards (FISMA Implementation Project):
  - Special Publication (SP)
  - Federal Information Processing Standard (FIPS) 200
- SANS, the US defense base, federal agencies, and private organizations defined the most critical controls to protect information and information systems: Consensus Audit Guidelines, the 20 Critical Controls
- Australian Government Defence Signals Directorate: DSD's Top 35 Mitigating Strategies

SP 800, 20 Critical Controls, and DSD's 35 Mitigating Strategies
The SANS 20 Critical Controls are meant to reinforce and prioritize some of the most important elements of the guidelines, standards, and requirements put forth in other US government documentation, such as the NIST Special Publications. These guidelines do not conflict with such recommendations. In fact, the guidelines set forth are a proper subset of the NIST SP recommendations, designed so that organizations can focus on a specific set of actions associated with the current threats and computer attacks they face every day.
The DSD's 35 Mitigating Strategies focus on individual tasks organizations can undertake to improve their security stance. They are a focused subset of the 20 Critical Controls.

APT-Focused Security Strategy
- Risk-based approach: initially implement a subset of the 20 Critical Controls to address GIAC Enterprises' highest risks first (APT-related risks)
- The "offense informs defense" concept suggests that 4 controls are best geared to address APT-related risks:
  - Controlled Access Based on the Need to Know (Control 15)
  - Continuous Vulnerability Assessment and Remediation (Control 4)
  - Malware Defenses (Control 5)
  - Data Loss Prevention (DLP) (Control 17)

Automation Approach: Controls 15 & 17 (Focus on the Data)
Sensitive regulatory data:
- Credit card data
- Privacy data (PII)
- Health care information
Sensitive corporate data:
- Intellectual property
- Financial information
- Trade secrets
Control data-at-rest, control data-in-motion, control data-in-use.

Automation Approach: Controls 15 & 17 (Automating Data Classification and Policy Definition)
- Step 1: Identify files and set business rules
- Step 2: Create DLP policy and check for feasibility
- Step 3: DLP policy is routed for approval
- Step 4: Approved DLP policy is applied across the organization
Roles involved: business managers, DLP admin, end users.

Automation Approach: Controls 15 & 17 (Automating the Control of Data-in-Motion)
- Risk across web protocols, email, IM, and generic TCP/IP protocols
- Process to reach automation for data-in-motion (risk decreasing over time, from "understand risk" to "reduce risk"):
  - DISCOVER (monitor only)
  - EDUCATE (monitor and educate users)
  - ENFORCE (automate action): just-in-time encryption, blocking, etc.
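As an added example (not code from the original presentation), the staged data-in-motion model above combined with the credit-card data class from the earlier slides: one detector runs in all three stages and only the action changes between DISCOVER, EDUCATE and ENFORCE. The regex, the Luhn filter and the sample messages are assumptions constructed here; a real DLP product would carry many more classifiers.

```python
import re
from enum import Enum

class Mode(Enum):
    """The three stages of the data-in-motion rollout."""
    DISCOVER = "monitor only"
    EDUCATE = "monitor and educate"
    ENFORCE = "automate action"

# 14-19 digits, optionally separated by spaces or dashes (constructed pattern).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_cards(text: str) -> list:
    """Return the normalised card numbers found in a message body."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def evaluate(message: str, mode: Mode) -> dict:
    """Apply the same detector in every stage; only the response differs."""
    cards = find_cards(message)
    if not cards:
        return {"verdict": "allow", "cards": 0, "notify_user": False}
    if mode is Mode.DISCOVER:      # log the event for risk measurement only
        return {"verdict": "allow", "cards": len(cards), "notify_user": False}
    if mode is Mode.EDUCATE:       # still allow, but warn the sender
        return {"verdict": "allow", "cards": len(cards), "notify_user": True}
    # ENFORCE: apply just-in-time encryption instead of letting it leave in clear
    return {"verdict": "encrypt", "cards": len(cards), "notify_user": True}

if __name__ == "__main__":
    sample = "card 4111 1111 1111 1111 expires 12/25"   # constructed test PAN
    for mode in Mode:
        print(mode.name, evaluate(sample, mode))
```

The DISCOVER stage's counts are what the "understand risk" phase reports to management before any user is warned or blocked.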

Automation Approach: Controls 15 & 17 (Automating the Control of Data-at-Rest)
- Discover sensitive data: Data Loss Prevention (DLP) across SharePoint, databases, endpoints, NAS/SAN, and file servers
- Manage remediation workflow: Risk Remediation Manager (RRM), file activity tools, GRC systems, and business users (policy exceptions)
- Apply controls: apply DRM, encrypt, delete/shred, change permissions, or record a policy exception

Automation Approach: Controls 4 & 5 (Prevention and Mitigation of APTs/Understanding the Attack Vector)

Automation Approach: Controls 4 & 5 (Risk Assessment/Continuous Monitoring)
- Risk assessment
- Vulnerability scanning

Automation Approach: Controls 4 & 5 (Automating Continuous Vulnerability Assessment and Remediation)

Automation Approach: Controls 4 & 5 (Automating Continuous Monitoring of Malware and Malware Callbacks)
Reducing the risk of data loss through malware infections:
- Implement basic and necessary malware protection: HIPS, AV, anti-spam, etc.
- Train and educate users concerning social engineering tactics.
- Use advanced technology: virtual inspection of executable malware in real time to identify and block command-and-control communications.
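As an added example (not from the original presentation), one way to automate the "malware callbacks" part of this slide on the monitoring side: flag client/host pairs in a web proxy log whose request spacing is too regular for a person at a keyboard. The log format, the hostnames and the thresholds are assumptions constructed here.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "<timestamp> <client> <destination host>".
# 10.0.0.5 polls beacon.constructed.test every ~5 minutes (a callback pattern);
# 10.0.0.7 browses news.example.test at irregular, human-looking intervals.
SAMPLE_LOG = """\
2012-02-01T09:00:00 10.0.0.5 beacon.constructed.test
2012-02-01T09:00:02 10.0.0.5 news.example.test
2012-02-01T09:05:00 10.0.0.5 beacon.constructed.test
2012-02-01T09:10:01 10.0.0.5 beacon.constructed.test
2012-02-01T09:15:00 10.0.0.5 beacon.constructed.test
2012-02-01T09:20:00 10.0.0.5 beacon.constructed.test
2012-02-01T09:01:17 10.0.0.7 news.example.test
2012-02-01T09:03:40 10.0.0.7 news.example.test
2012-02-01T09:12:05 10.0.0.7 news.example.test
2012-02-01T09:13:00 10.0.0.7 news.example.test
2012-02-01T09:30:44 10.0.0.7 news.example.test
"""

def parse_log(log: str) -> list:
    """Parse the constructed log format into (timestamp, client, host) tuples."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst))
    return rows

def find_beacons(log: str, min_hits: int = 5, max_cv: float = 0.1) -> dict:
    """Return {(client, host): mean_gap_seconds} for pairs whose request spacing
    is suspiciously regular. max_cv caps the coefficient of variation
    (stdev / mean) of the gaps between consecutive requests."""
    stamps = defaultdict(list)
    for ts, src, dst in parse_log(log):
        stamps[(src, dst)].append(ts)
    beacons = {}
    for pair, times in stamps.items():
        if len(times) < min_hits:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = avg
    return beacons

if __name__ == "__main__":
    for (src, dst), gap in find_beacons(SAMPLE_LOG).items():
        print(f"possible callback: {src} -> {dst} every {gap:.0f}s; review or block")
```

Legitimate software update checks also poll on a fixed schedule, so in practice the output is reviewed against an allowlist of known update hosts before anything is blocked.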

Recommended Action Plan
1) Conduct a gap assessment to compare GIAC Enterprises' current security stance to the detailed critical controls
2) Implement "quick win" critical controls to address gaps
3) Implement controls 4 & 5 using the previous automation approaches
4) Implement controls 15 & 17 using the previous automation approaches
5) Analyze and understand how the remaining controls (beyond quick wins and controls 4, 5, 15, 17) can be deployed
6) Plan for deployment, over the longer term, of the "advanced controls", giving priority to controls 4, 5, 15, 17