Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thursday, January 23, 2014 10:00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.

Published byDarcy Welch Modified over 8 years ago

Similar presentations

Presentation on theme: "Thursday, January 23, 2014 10:00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2."— Presentation transcript:

1 Thursday, January 23, 2014 10:00 am – 11:30 am

2 Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2

3 State of Hawaii’s Transformation Programs 3

4 Cyber Security Center of Excellence Strengthen the ability to detect and respond to enterprise-wide cyber incidents/threats Design a formal enterprise-wide incident response plan Accelerate integration of tools to support SOC Security Operations Center Mission Statement: “To enhance the cyber security posture of the Hawaii State Government through continuous monitoring to proactively identify, isolate and manage security incidents thereby reducing the risks from potential cyber threats.” 4

5 Assess Plan Implementation Verify and Validate Project Phase 4 Phased Approach 5

6 6 Implementation - Security Devices

7 Lessons Learned Integration Process Training Detect AnalyzeRespond Recover Implementation 7 Enterprise-Wide Incident Response Plan

8  Detection through ArcSight ◦ Detect intrusions at perimeter, internal network, hosts, applications Implementation - Detect 8

9  Detailed Analysis with LiveAction ◦ Determine severity, scope, business impact Implementation - Analyze 9

10  Initial Cyber Incident Report ◦ Notification to Business and Program Owners Implementation - Analyze 10

11  Response Options ◦ Can stop attack at perimeter, access layer, host, or somewhere in between Implementation - Respond 11

12  Recover systems to normal state ◦ Includes threat removal, damage assessment, forensics, reporting and lessons learned  Plan the Recovery  Collect Incident Data  Cleanup & Recovery of Incident  Forensics - Reconstruct  Damage & Cost assessment  Revise plan & response  Complete post-incident analysis and reporting  Reporting internally & to authorities Implementation - Recover 12

13  Ensure mitigation efforts were successful ◦ Watch-list monitoring with multiple Cyber Tools ArcSight LiveAction Intrusion Prevention System Implementation – Verify and Validate 13

14 Next Steps  Continue Server Categorization  Defining use cases for Alerting, Reporting and Dashboards in ArcSight  Continue Adversary Hunting  Continued Ingestion of Devices (Servers, Databases, Routers, Switches, Security Systems)  Begin Enterprise-Wide Incident Response Program Development Thank You 14

Download ppt "Thursday, January 23, 2014 10:00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Incident Response Managing Security at Microsoft Published: April 2004.

Incident Response Managing Security at Microsoft Published: April 2004.
Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.

Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.
Department Of Computer Engineering

Department Of Computer Engineering
Www.safezonesystems.com SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent.

SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent.
SANS Technology Institute - Candidate for Master of Science Degree Establishing a Security Metrics Program Tiger Team Final Report Chris Cain & Erik Couture.

SANS Technology Institute - Candidate for Master of Science Degree Establishing a Security Metrics Program Tiger Team Final Report Chris Cain & Erik Couture.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Summer, 2015 1.

Summer,
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.

1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
Recent Cyber Attacks and Countermeasures September 2006.

Recent Cyber Attacks and Countermeasures September 2006.

Similar presentations

Ads by Google