Thursday, January 23, 2014, 10:00 am – 11:30 am
Presentation transcript:

Slide 1: Thursday, January 23, 2014, 10:00 am – 11:30 am

Slide 2: Agenda

• Cyber Security Center of Excellence
• Project Phase
• Implementation
• Next Steps

Slide 3: State of Hawaii’s Transformation Programs

Slide 4: Cyber Security Center of Excellence

• Strengthen the ability to detect and respond to enterprise-wide cyber incidents/threats
• Design a formal enterprise-wide incident response plan
• Accelerate integration of tools to support the SOC (Security Operations Center)

Security Operations Center Mission Statement: “To enhance the cyber security posture of the Hawaii State Government through continuous monitoring to proactively identify, isolate and manage security incidents thereby reducing the risks from potential cyber threats.”

Slide 5: Project Phase (4 Phased Approach)

• Assess
• Plan
• Implementation
• Verify and Validate

Slide 6: Implementation - Security Devices

Slide 7: Implementation - Enterprise-Wide Incident Response Plan

[Diagram; labels recovered from the slide: Detect, Analyze, Respond, Recover; Lessons Learned, Integration, Process, Training]

Slide 8: Implementation - Detect

• Detection through ArcSight
  ◦ Detect intrusions at perimeter, internal network, hosts, applications

Slide 9: Implementation - Analyze

• Detailed Analysis with LiveAction
  ◦ Determine severity, scope, business impact

Slide 10: Implementation - Analyze

• Initial Cyber Incident Report
  ◦ Notification to Business and Program Owners

Slide 11: Implementation - Respond

• Response Options
  ◦ Can stop the attack at the perimeter, access layer, host, or somewhere in between

Slide 12: Implementation - Recover

• Recover systems to normal state
  ◦ Includes threat removal, damage assessment, forensics, reporting and lessons learned
• Plan the Recovery
• Collect Incident Data
• Cleanup & Recovery of Incident
• Forensics - Reconstruct
• Damage & Cost assessment
• Revise plan & response
• Complete post-incident analysis and reporting
• Reporting internally & to authorities

Slide 13: Implementation – Verify and Validate

• Ensure mitigation efforts were successful
  ◦ Watch-list monitoring with multiple Cyber Tools: ArcSight, LiveAction, Intrusion Prevention System

Slide 14: Next Steps

• Continue Server Categorization
• Defining use cases for Alerting, Reporting and Dashboards in ArcSight
• Continue Adversary Hunting
• Continued Ingestion of Devices (Servers, Databases, Routers, Switches, Security Systems)
• Begin Enterprise-Wide Incident Response Program Development

Thank You