infragard webinar march 2016 033016 a
TRANSCRIPT
RSA Conference 2016: Seven Key Takeaways You Can Use Today
INFRAGARD
InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
Disclaimer
The views, opinions, and content of this webinar are solely those of the speakers and other contributors. These views and opinions do not necessarily represent those of InfraGard or InfraGard Atlanta Members Alliance (IAMA).
The views expressed here are commentary on themes emerging from the RSA Conferences 2016 and not in any way affiliated or connected with the official event.
JOSEPH DYER JR.
Joseph Dyer is Chief Information Security Officer with ICF International. ICF International provides professional services, technology solutions, and policy consulting that deliver beneficial impact in areas critical to energy, environment, infrastructure, health, social programs, public safety and defense. ICF has more than 5,000 employees that service government and commercial clients from more than 70 offices worldwide. Mr. Dyer manages ICF International’s corporate global cyber security program. Mr. Dyer has over 30 years of information technology experience with over 15 years of information security involvement.
Mr. Dyer holds a BS degree in Information Systems and maintains several industry certifications including Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (C|CISO), Global Information Assurance Certification (GIAC), Certified Hacking Forensic Investigator (CHIF), and Certified Computer Forensic Examiner (CHFI).
LinkedIn: josephdyer
WARD PYLES
LinkedIn: wardpyles
Ward Pyles is the Manager of Security Risk and Governance with The Home Depot, the world’s largest home improvement specialty retailer with more than 2,200 North American stores and 350,000 employees. With a Master of Law and more than 15 years of experience in Information Security, Ward’s extensive background in technology, regulatory compliance, and risk management assists The Home Depot in security practices and infrastructure protection.
During Mr. Pyles’ career he has advised Congressional staff and DHS on critical infrastructure security practices and participated as an author of the first Smart Grid security standards, the nationally industry-leveraged NIST Cybersecurity Framework, and maturity models from DOE. His global experience advising electric organizations on critical infrastructure security threats was leveraged in the development of the industry’s first in-house proactive ISO 27001 assessment processes.
TREVOR HORWITZ
Trevor Horwitz is the founder and CISO of TrustNet, a leading specialized provider of IT Security and Compliance services. Trevor has designed, developed, and assessed security and compliance solutions for corporations of all sizes and across multiple industries for over twenty years. Trevor is a PCI Qualified Security Assessor and contributing member of the PCI Security Council’s special interest group on virtualization and cloud security.
His career experience includes roles as the CEO of a pioneering network security company and a senior consultant at PWC. He is the President of InfraGard Atlanta, past Executive Board member of ISACA Atlanta, and has been active in the Technology Association of Georgia for over fifteen years. Trevor holds a Bachelor of Commerce from the University of the Witwatersrand, Johannesburg, South Africa with a triple major in Accounting, Information Systems, and Business Law.
LinkedIn: trevorhorwitz
SUPPORT OUR SPONSORS
TrustNet helps businesses build trusted relationships with their customers, partners, and employees by providing CyberSecurity and Compliance services and solutions.
Managed Security Services; Compliance – PCI QSA, SOC, HIPAA, FISMA, ISO, SOX; Security Consulting – Penetration Testing; Awareness Training
www.TrustNetInc.com
The Cyber Security Summit, an exclusive C-Suite conference series, connects senior level executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
www.CyberSummitUSA.com
AGENDA
1. Ransomware on the Rise
2. Back to Basics – we’re still playing defense
3. The Target is Expanding
4. The New Face of Threat Modelling
5. Breached – Now What?
6. Extending Your Security Team
7. Threat Detection – It’s Still a Thing
FAQs
1. Yes, the presentation will be available after the webinar ends. We will email you a link to the recording in the next day or so.
2. If you have a question, send it to us in the chat window on the left side of your screen!
RANSOMWARE ON THE RISE
The earliest known ransomware was devised by Joseph Popp. Popp wrote the “AIDS” Trojan (aka PC Cyborg) in 1989.
Backup, backup, backup
Maintain vigilance with anti-spam and anti-malware software
Train users to be suspicious of email: check sender addresses, check the content of messages, and avoid clicking links in email
Keep all software patched and up-to-date
Practice your incident response plan with a ransomware scenario
Set up a bitcoin account, just in case
BACK TO BASICS – we’re still playing defense, but not very well
Authentication: multi-factor is an emerging standard, even for local network access
Firewalls, routers, IDS/IPS
Endpoints: anti-malware, secure browsers, file integrity monitoring
Software updates and patching: yes, we know it’s tedious and you hate it
Encryption: data at rest and in motion, even on the corporate network
Monitoring: log management, threat management, vulnerability management
Don’t have the capabilities and resources? Consider Managed Security Services
THE TARGET IS EXPANDING – DATA IS TOXIC
Data breaches average $154 per record, while the average cost per data breach has reached $3.79MM
Cloud and Big Data: a marriage made in heaven is heading for a break-up
Focusing on data exfiltration and DLP is not enough
Many organizations have no idea where all their data resides
The risk of storing some types of data may exceed its value to the organization
Some data types have diminishing returns
Tokenization is highly recommended
Treating data as toxic will change the security posture
THE NEW FACE OF THREAT MODELLING
Threat modeling approaches: software-centric, asset-centric, attacker-centric
Process
1. Decompose the application/network/system: identification and classification, external dependencies, entry points, assets, trust levels
2. Identify and rank threats: STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege) to identify them; DREAD risk ranking (damage potential, reproducibility, exploitability, affected users, discoverability) to rank them
3. Develop countermeasures and mitigation
OWASP Application Threat Modeling: https://www.owasp.org/index.php/Application_Threat_Modeling
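As an added illustration of the decompose / STRIDE / DREAD process described above (example code written for this transcript, not from the webinar or the OWASP page; the entry points, threats, scores and mitigations are constructed), a small ranker that turns a list of tagged threats into a countermeasure list worked in risk order:

```python
# Added example (not from the webinar or OWASP): decompose into entry points
# with trust levels, tag threats with STRIDE, score with DREAD (1..10), rank.
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")

@dataclass
class Threat:
    title: str
    stride: str        # one STRIDE letter
    entry_point: str   # where the system is reached (from the decomposition step)
    trust_level: str   # trust assumed at that entry point
    dread: dict        # DREAD factor -> score 1..10
    mitigation: str

    def score(self) -> float:
        # Average DREAD score; rejects bad STRIDE tags and missing/out-of-range factors
        missing = set(DREAD_FACTORS) - set(self.dread)
        if missing or self.stride not in STRIDE:
            raise ValueError(f"{self.title}: bad STRIDE tag or missing {sorted(missing)}")
        if any(not 1 <= self.dread[f] <= 10 for f in DREAD_FACTORS):
            raise ValueError(f"{self.title}: DREAD factors must be 1..10")
        return sum(self.dread[f] for f in DREAD_FACTORS) / len(DREAD_FACTORS)

def rank_threats(threats):
    # Highest risk first; ties broken alphabetically by title
    return sorted(threats, key=lambda t: (-t.score(), t.title))

# Constructed sample model: a web app with a public login form and an admin API.
SAMPLE_THREATS = [
    Threat("Credential stuffing against login", "S", "login form", "anonymous",
           dict(damage=7, reproducibility=9, exploitability=8,
                affected_users=8, discoverability=9),
           "Multi-factor authentication and rate limiting"),
    Threat("Admin API accepts unsigned config updates", "T", "admin REST API", "admin",
           dict(damage=9, reproducibility=6, exploitability=4,
                affected_users=10, discoverability=3),
           "Signed requests and change auditing"),
    Threat("Login errors reveal whether a username exists", "I", "login form", "anonymous",
           dict(damage=3, reproducibility=10, exploitability=9,
                affected_users=5, discoverability=7),
           "Uniform error message for bad user or password"),
]
```

Calling `rank_threats(SAMPLE_THREATS)` returns the threats in descending DREAD order, so the mitigation of each one can be scheduled from the top down.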
ATLANTA CYBER SECURITY SUMMIT – Wednesday, April 6, 2016, 9:00 AM to 6:00 PM, The Ritz-Carlton Buckhead
The Cyber Security Summit, an exclusive C-Suite conference series, connects senior level executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
“Special Offer for InfraGard Members”
http://cybersummitusa.com/atlanta-2016/
BREACHED – NOW WHAT?
Build security resilience and elasticity into the architecture
Automation – incident detection and response
Interoperability – distributed detection across the network
Authentication – trusted communication and collaboration
Resilience cycles: pre-disruption – scan for and eliminate vulnerabilities; during disruption – rapid automated response; post-disruption – reshape the environment anew
Technical tools to achieve this are not mature
Software-Defined Networking may be the catalyst
OUR PANELISTS
Trevor Horwitz (LinkedIn trevorhorwitz), Joseph Dyer Jr. (LinkedIn josephdyer), Ward Pyles (LinkedIn wardpyles)
EXTENDING YOUR SECURITY TEAM
Malicious cyber attacks cost US$300 billion to US$1 trillion a year
Demand for information security professionals is expected to grow by 53% by 2018
The shortage of resources can’t be fixed in the short term
Co-opting resources – the “extended security team”: leveraging non-security team personnel as security champions/advocates
Build security into the organizational culture: educate employees – #WeAreAllSecurity; reward positive behavior
Outsourcing: Managed Security Services, Co-Managed Security
THREAT DETECTION – IT’S STILL A THING
Three pillars of threat detection:
Visibility – real-time collection
Identity – accurate identification, automated analysis
Risk – escalate response based on risk
Get serious about vulnerability scanning
More frequent penetration testing
THE RECAP
1. Prepare for a ransomware attack
2. Revisit your defensive strategy
3. Re-evaluate what data you retain
4. Improve your threat modelling
5. Develop a resilience strategy
6. Extend your security team
7. Assess your threat detection capabilities
www.TrustNetInc.com
Twitter @TrustNetInc | LinkedIn #TrustNetInc
www.CyberSummitUSA.com