OIT Security Operations

1 OIT Security Operations
November 10th, 2016

2 OIT Security Operations
The Enterprise Security Operations team is responsible for the day-to-day security operations for our state agency customers. The team works with the other OIT teams to ensure the State's security posture balances business needs against the current threats to its technology resources.

3 Enterprise Support
The Enterprise Security Operations team works hand in hand with the Office of Information Security in implementing the Secure Colorado initiative. The CIS 20 Critical Security Controls are part of Secure Colorado. The implementation strategy relies heavily on a layered-defense model: the four-tier organization (Endpoint Security, Network Security, SOC Services, Threat and Vulnerability Services) aligns with the CIS 20 Critical Security Controls strategy, so that each tier delivers service at one defense layer. The Enterprise Security Operations team is currently assigned to planning, architecting/designing, implementing, and running the security controls at each of those layers within the state infrastructure.

4 Enterprise Security Operations Services
Endpoint Security Services
  McAfee ePO: VirusScan Enterprise, Endpoint Encryption, Policy Auditor, Host Intrusion Prevention System (HIPS), Host Data Loss Prevention, Anti-spyware, Application Whitelisting
  CIS Benchmark scanning
  Web Filtering (agency based)
  Content Monitoring (agency based)
Threat and Vulnerability Management Services
  Vulnerability scanning (web, application, database)
  External and internal penetration testing
  Threat Intelligence
Network Security Services
  Firewall change requests: installation, modification and monitoring
  External DNS
  VPN: site-to-site and client-based remote access
Security Operations Center Services
  Perimeter monitoring
  Incident response
  Intrusion Prevention System / Intrusion Detection System administration
  Log management and correlation of state network traffic

5 Tools and Technologies
Intel (McAfee) Security Suite: VirusScan Enterprise, Host IPS, enhanced endpoint policies, Global Threat Intelligence, Nitro SIEM
Palo Alto: vulnerability protection, application ACL inspection, DDoS protection, WildFire
MS-ISAC Albert (IDS) services, US-CERT notifications
Currently reviewing tools for advanced analytics and threat detection

6 Current and Future Metrics
Current Metrics:
  The ratio of managed to unmanaged assets
  Security incidents recorded in the ticket system
  Number of machines patched
  Trending reports from the SIEM
  Monthly threat report from the Cyber Joint Task Force
Maturity Metrics:
  The ratio of managed to unmanaged assets
  The mean time to patch critical vulnerabilities
  The mean time to remediate an incident
  The percentage of systems that meet compliance standards
  The percentage of users who fail selected social engineering tests
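The maturity metrics above are only comparable month to month if they are computed the same way every time, in particular if open findings and open incidents are kept out of the "mean time" figures and reported as a backlog instead. The following is an added example, not code from the OIT presentation or from the state's ticketing system; the record types, field names and all sample records are constructed for illustration.

```python
"""Compute the maturity metrics from the slide over constructed sample records.

Added example: record types and field names are assumptions, not the state's
ticket or asset-inventory schema. All sample data below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Optional

@dataclass
class Asset:
    hostname: str
    managed: bool                       # enrolled in the endpoint agent (e.g. ePO)

@dataclass
class Vulnerability:
    asset: str
    severity: str                       # "critical", "high", "medium", "low"
    found: datetime
    patched: Optional[datetime] = None  # None while the finding is still open

@dataclass
class Incident:
    ticket: str
    opened: datetime
    remediated: Optional[datetime] = None  # None while the incident is open

@dataclass
class ComplianceResult:
    asset: str
    passed: bool                        # e.g. met the CIS benchmark

@dataclass
class PhishTest:
    user: str
    failed: bool                        # clicked the link or entered credentials

def managed_ratio(assets):
    """Managed-to-unmanaged asset ratio; None when no asset is unmanaged."""
    managed = sum(a.managed for a in assets)
    unmanaged = len(assets) - managed
    return managed / unmanaged if unmanaged else None

def mean_time_to_patch_critical(vulns):
    """Mean days from discovery to patch, critical findings only.
    Only closed findings enter the mean; open ones would bias it low."""
    closed = [v for v in vulns if v.severity == "critical" and v.patched]
    if not closed:
        return None
    return mean([(v.patched - v.found).total_seconds() / 86400 for v in closed])

def mean_time_to_remediate(incidents):
    """Mean hours from ticket open to remediation, closed incidents only."""
    closed = [i for i in incidents if i.remediated]
    if not closed:
        return None
    return mean([(i.remediated - i.opened).total_seconds() / 3600 for i in closed])

def open_items(vulns, incidents):
    """Backlog the two means leave out, reported alongside them on purpose."""
    return {
        "open_critical_vulns": sum(1 for v in vulns
                                   if v.severity == "critical" and not v.patched),
        "open_incidents": sum(1 for i in incidents if not i.remediated),
    }

def percent(hits, total):
    return None if total == 0 else 100.0 * hits / total

def compliance_percent(results):
    return percent(sum(r.passed for r in results), len(results))

def phish_fail_percent(tests):
    return percent(sum(t.failed for t in tests), len(tests))

def metrics_report(assets, vulns, incidents, compliance, phish):
    report = {
        "managed_to_unmanaged": managed_ratio(assets),
        "mttp_critical_days": mean_time_to_patch_critical(vulns),
        "mttr_hours": mean_time_to_remediate(incidents),
        "compliance_percent": compliance_percent(compliance),
        "phish_fail_percent": phish_fail_percent(phish),
    }
    report.update(open_items(vulns, incidents))
    return report

# Constructed sample data (not real state data).
D = datetime
SAMPLE_ASSETS = [Asset("ws-01", True), Asset("ws-02", True), Asset("srv-01", True),
                 Asset("srv-02", True), Asset("printer-09", False)]
SAMPLE_VULNS = [
    Vulnerability("srv-01", "critical", D(2016, 1, 1), D(2016, 1, 4)),  # 3 days
    Vulnerability("srv-02", "critical", D(2016, 1, 2), D(2016, 1, 9)),  # 7 days
    Vulnerability("ws-01", "critical", D(2016, 1, 5)),                  # still open
    Vulnerability("ws-02", "high", D(2016, 1, 1), D(2016, 1, 2)),       # not critical
]
SAMPLE_INCIDENTS = [
    Incident("INC-1", D(2016, 1, 1, 10), D(2016, 1, 1, 22)),  # 12 h
    Incident("INC-2", D(2016, 1, 3, 0), D(2016, 1, 4, 12)),   # 36 h
    Incident("INC-3", D(2016, 1, 6, 8)),                      # still open
]
SAMPLE_COMPLIANCE = [ComplianceResult(h, h != "printer-09")
                     for h in ["ws-01", "ws-02", "srv-01", "srv-02", "printer-09"]]
SAMPLE_PHISH = [PhishTest(f"user{i}", i < 2) for i in range(10)]  # 2 of 10 fail

if __name__ == "__main__":
    for name, value in metrics_report(SAMPLE_ASSETS, SAMPLE_VULNS, SAMPLE_INCIDENTS,
                                      SAMPLE_COMPLIANCE, SAMPLE_PHISH).items():
        print(f"{name}: {value}")
```

On the sample data the report gives a managed-to-unmanaged ratio of 4.0, a mean time to patch criticals of 5.0 days (the open critical is counted in the backlog, not the mean), a mean time to remediate of 24.0 hours, 80% compliance and a 20% phishing failure rate. Excluding open items from the means is the design choice worth carrying into a real report: including them with "today" as the close date makes a growing backlog look like faster response.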

7 Key Factors for Maturing Threat Detection and Incident Response
Educate employees and IT staff: We currently provide quarterly security training for employees and IT staff, with additional training for IT staff that focuses on a first responder's ability to identify a security event and escalate it to a security incident.
Incident Response tabletop exercises: The state Office of Information Security and Security Operations perform a monthly tabletop exercise during our Security All Hands meeting, in order to familiarize ourselves with our incident response plans and identify gaps and improvements. Additionally, the state participates in tabletop exercises with the National Guard and educational partners.
Alleviate admin burden (reduce manual processes): We are currently investing in solutions that help automate incident response. The Intel (McAfee) MAR (McAfee Active Response), TIE/DXL, and ATD (Advanced Threat Detection) products are in the planning stage and will be used to identify threats and automate incident response. The state is also reviewing incident response tools to help with tracking and to provide standard operating procedures for handling security incidents.
Reduce poor security practices and behavior: This is a cultural change for the state, in which we are working with the IT teams to think about security while developing solutions. This is a continuous effort, and we are beginning to see significant improvement.
North/South and East/West visibility: The state is beginning to posture itself to have north/south and east/west visibility in each security zone. The initial phase was implemented two years ago, when the state perimeter was replaced and executive branch traffic was logically separated from non-executive branch traffic.

8 Questions