The State of Security Management, by Jim Reavis (jim@reavis.org), January 2003
Agenda
What is Security Management?
What are the different components?
What do I do?
What is Security Management?
A comprehensive system of tools and processes used to assure company policy compliance, identify deviations and adjust network computing systems accordingly
OR
A cycle of pushing controls to the network and collecting risk and threat information from all devices
Breaking down Security Mgt
Configuration Management
Policy Management
Event Management
Relating it to the Enterprise
– Users
– Computers
– Network
Configuration Management
Maintaining consistent security profiles for networked devices, accounts, applications and data
– Centralized vs decentralized
– Hierarchical
– Transparent
Configuration Management
Users: Identity Management, Authentication, Tokens
Computers: Installation and Patch Management
Network: Network Management
Configuration Management Issues
Identity Mgt, PKI, etc., are expensive and difficult to implement
Corporations have difficulty keeping up with vendor patches and advisories
Corporations like “stable” networks with infrequent changes to standards
Many administrators “push back” against automation of configuration (e.g. Cisco IOS gurus)
Configuration Management Trends
Self service password resetting is a “killer app” for enterprise identity management
Patch management will improve capabilities to automate PC updates
Business Security Intelligence will grow in popularity to improve configuration decisions
Combination of vulnerability assessment/quick remediation will be seen as superior to traditional technologies such as AntiVirus
Policy Management
Translating corporate security policies into a computer friendly format, identifying systems that are out of compliance, bringing them back into compliance
– Proactive – Force users to be created, systems to be built with secure, i.e. non-default setups
– Vulnerability assessment – use network and host scanning to identify policy violations, enabled guest accounts, poor passwords, etc.
– Create a “Closed Loop” system forcing non-compliant systems discovered by VA to be brought into compliance
Policy Management
Users: Creating corporate policies, Building policy awareness
Computers: Synchronizing computer settings with corporate policies
Network: Monitoring network traffic for out of compliance activity and anomalous behaviors, Synchronizing network devices with policies
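The two slides above describe policy management as a loop: translate policy into machine-checkable rules, scan hosts for deviations (guest accounts, weak password settings), and force the deviating hosts back into compliance. The following is an added example of that closed loop, not code from the original talk. The rule set, the host records and the remediation actions are constructed for illustration; a real deployment would read host state from a scanner or agent rather than from a dictionary.

```python
"""Policy as code with a closed remediation loop.

Added example, not taken from the original slides. The rules, host records
and remediation actions are constructed for illustration; a real deployment
would read host state from a scanner or agent instead of a dict.
"""
import copy
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

HostState = Dict[str, Any]


@dataclass
class Rule:
    """One corporate policy statement translated into a machine check."""
    rule_id: str
    description: str
    check: Callable[[HostState], bool]        # True means compliant
    remediate: Callable[[HostState], None]    # pushes the host toward compliance


# Constructed policy: the kind of settings a VA scan reports on.
POLICY: List[Rule] = [
    Rule("ACC-01", "Guest account must be disabled",
         lambda h: not h["guest_enabled"],
         lambda h: h.update(guest_enabled=False)),
    Rule("PWD-01", "Minimum password length is 12",
         lambda h: h["min_password_len"] >= 12,
         lambda h: h.update(min_password_len=12)),
    Rule("PWD-02", "Lock the account after at most 5 failed logins",
         lambda h: 0 < h["lockout_threshold"] <= 5,
         lambda h: h.update(lockout_threshold=5)),
    Rule("SVC-01", "Cleartext remote administration (telnet) must be off",
         lambda h: "telnet" not in h["services"],
         lambda h: h["services"].discard("telnet")),
]

# Constructed fleet: one workstation left at defaults, one hardened server.
FLEET: Dict[str, HostState] = {
    "ws-finance-07": {"guest_enabled": True, "min_password_len": 8,
                      "lockout_threshold": 0, "services": {"smb", "telnet"}},
    "srv-db-02": {"guest_enabled": False, "min_password_len": 14,
                  "lockout_threshold": 5, "services": {"ssh", "postgres"}},
}


def assess(host: HostState) -> List[str]:
    """Vulnerability-assessment step: IDs of the rules this host violates."""
    return [r.rule_id for r in POLICY if not r.check(host)]


def closed_loop(host: HostState, max_rounds: int = 3) -> Tuple[bool, List[List[str]]]:
    """Scan, remediate every finding, re-scan; stop when clean or out of rounds.

    Returns (compliant, findings_per_round). The bound on rounds matters:
    some policies cannot be enforced by tooling, and the loop must report
    that rather than spin forever.
    """
    history: List[List[str]] = []
    for _ in range(max_rounds):
        findings = assess(host)
        history.append(findings)
        if not findings:
            return True, history
        for rule in POLICY:
            if rule.rule_id in findings:
                rule.remediate(host)
    return not assess(host), history


def run_compliance_cycle(fleet: Dict[str, HostState]) -> Dict[str, Dict[str, Any]]:
    """Run the closed loop over a copy of the fleet and summarise per host."""
    report = {}
    for name, host in fleet.items():
        compliant, history = closed_loop(copy.deepcopy(host))
        report[name] = {"initial_findings": history[0],
                        "rounds": len(history),
                        "compliant": compliant}
    return report


if __name__ == "__main__":
    for host, summary in run_compliance_cycle(FLEET).items():
        print(host, summary)
```

The report keeps the initial findings alongside the end state, which is what the "Measure progress" step later in the talk needs: the number of deviations found per scan is the baseline, and the number still open after the loop is the residual. The bounded round count is the practical concession to the point made on the next slide, that many policies are hard to enforce with technology alone.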
Policy Management Issues
Many corporate policies are difficult to enforce with technology
Tight corporate policies create unintended side effects, e.g. forwarding sensitive messages to Internet accounts
Low end user awareness of corporate policies
Low mgt awareness of how their networks are really being used
Policy Management Trends
Enterprise “Carnivore” – big brother applications that track all network activity and identify policy violations
Policy education programs integrated with Human Resources
Automated policy mgt gets integrated with configuration mgt
Event Management
Collect real time information from Firewalls, IDS, Syslogs, Network probes and other devices
– Data reduction, normalization & correlation
– Comprehensive device support
– Visualization & situational analysis
Event Management
Users: Intruder lockouts, abnormal user behavior
Computers: Identify attacks and mitigate them
Network: Identify attacks and filter anomalous traffic
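The event management slides list the three things a console has to do with raw device output: normalize it into one schema, reduce the volume, and correlate across sources so that an intruder lockout or an attack on a host is identified rather than buried. The following is an added example of that pipeline over a handful of constructed log lines, not code from the original talk. Every line, hostname, address and IDS signature is made up, and the three regexes match only those constructed formats (sshd auth messages, a key=value firewall log, a snort-style alert), which is exactly the "comprehensive device support" problem the slides raise: each format needs its own parser, and lines with no parser must be counted rather than silently dropped.

```python
"""Normalize events from several device types and correlate them.

Added example, not part of the original slides. All log lines, hosts,
addresses and signatures are constructed; the regexes match only these
three constructed formats (sshd auth, key=value firewall, snort-style IDS).
"""
import re
from collections import defaultdict
from datetime import datetime

RAW_EVENTS = [  # constructed sample feed, already interleaved as a collector would see it
    "Jan 14 10:00:01 srv-fs01 sshd[812]: Failed password for jdoe from 10.0.5.23 port 51022 ssh2",
    "Jan 14 10:00:02 fw01 kernel: DENY src=10.0.5.23 dst=10.0.1.10 proto=TCP dport=445",
    "Jan 14 10:00:04 srv-fs01 sshd[812]: Failed password for jdoe from 10.0.5.23 port 51023 ssh2",
    "Jan 14 10:00:05 ids01 snort[55]: [1:900001:1] CONSTRUCTED SMB probe [Priority: 2] {TCP} 10.0.5.23:4411 -> 10.0.1.10:445",
    "Jan 14 10:00:06 fw01 kernel: DENY src=10.0.5.23 dst=10.0.1.11 proto=TCP dport=139",
    "Jan 14 10:00:07 srv-fs01 sshd[812]: Failed password for jdoe from 10.0.5.23 port 51024 ssh2",
    "Jan 14 10:00:09 srv-fs01 sshd[812]: Failed password for jdoe from 10.0.5.23 port 51025 ssh2",
    "Jan 14 10:00:11 srv-fs01 sshd[812]: Failed password for jdoe from 10.0.5.23 port 51026 ssh2",
    "Jan 14 10:00:14 srv-fs01 sshd[812]: Accepted password for jdoe from 10.0.5.23 port 51030 ssh2",
    "Jan 14 10:00:20 srv-fs01 sshd[840]: Accepted publickey for asmith from 10.0.7.9 port 60000 ssh2",
    "Jan 14 10:00:30 app01 inventory-app: session started",  # device with no parser
]

TS = r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
PATTERNS = [  # one parser per constructed device format
    ("auth", re.compile(TS + r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
                        r"(?P<user>\S+) from (?P<src>[\d.]+)")),
    ("firewall", re.compile(TS + r"kernel: (?P<action>DENY|ALLOW) src=(?P<src>[\d.]+) "
                            r"dst=(?P<dst>[\d.]+) proto=\w+ dport=(?P<dport>\d+)")),
    ("ids", re.compile(TS + r"snort\[\d+\]: \[[\d:]+\] (?P<sig>.+?) \[Priority: (?P<prio>\d)\] "
                       r"\{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+")),
]


def normalize(line):
    """Map one raw line onto a common schema (ts, source, host, src, action, ...)."""
    for source, pat in PATTERNS:
        m = pat.match(line)
        if not m:
            continue
        f = m.groupdict()
        ev = {"ts": datetime.strptime(f["ts"], "%b %d %H:%M:%S"),
              "source": source, "host": f["host"], "src": f["src"]}
        if source == "auth":
            ev.update(user=f["user"], action="auth_fail" if f["result"] == "Failed" else "auth_ok")
        elif source == "firewall":
            ev.update(action=f["action"].lower(), dst=f["dst"], dport=int(f["dport"]))
        else:
            ev.update(action="ids_alert", dst=f["dst"], sig=f["sig"], prio=int(f["prio"]))
        return ev
    return None  # unsupported device format: reported by the caller, not dropped


def in_window(evs, window_s, threshold):
    """True if `threshold` of the (time-sorted) events fall inside one sliding window."""
    for i, start in enumerate(evs):
        if sum(1 for e in evs[i:] if (e["ts"] - start["ts"]).total_seconds() <= window_s) >= threshold:
            return True
    return False


def correlate(events, window_s=60, fail_threshold=5):
    fails, oks, denies, ids = (defaultdict(list) for _ in range(4))
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "auth_fail":
            fails[(ev["user"], ev["src"])].append(ev)
        elif ev["action"] == "auth_ok":
            oks[(ev["user"], ev["src"])].append(ev)
        elif ev["action"] == "deny":
            denies[ev["src"]].append(ev)
        elif ev["action"] == "ids_alert":
            ids[ev["src"]].append(ev)
    alerts = []
    # Rule 1: a burst of failures for one (user, src) is a lockout candidate; a later
    # success from the same pair raises severity because the lockout may be too late.
    for (user, src), evs in fails.items():
        if in_window(evs, window_s, fail_threshold):
            later_ok = any(o["ts"] > evs[-1]["ts"] for o in oks.get((user, src), []))
            alerts.append({"rule": "auth_burst", "user": user, "src": src, "count": len(evs),
                           "severity": "high" if later_ok else "medium",
                           "action": "lock the account and verify the login with the user"})
    # Rule 2: data reduction plus corroboration. Denies from one source collapse into a
    # single record, raised only when the IDS saw the same source inside the window.
    for src, evs in denies.items():
        hits = [i for i in ids.get(src, []) if abs((i["ts"] - evs[0]["ts"]).total_seconds()) <= window_s]
        if hits:
            alerts.append({"rule": "corroborated_probe", "src": src, "deny_count": len(evs),
                           "targets": sorted({e["dst"] for e in evs}),
                           "ports": sorted({e["dport"] for e in evs}),
                           "signatures": sorted({h["sig"] for h in hits}), "severity": "medium"})
    return alerts


def process(lines):
    """Normalize, then correlate; also count the lines no parser understood."""
    events = [normalize(line) for line in lines]
    return correlate([e for e in events if e]), sum(e is None for e in events)


if __name__ == "__main__":
    alerts, unparsed = process(RAW_EVENTS)
    for a in alerts:
        print(a)
    print("lines without a parser:", unparsed)
```

Two of the slide's issues show up directly in this code. The accuracy problem (too many false alarms) is handled by requiring corroboration before a firewall deny becomes an alert; a lone deny is kept for the record but never paged on. The manual-decision problem is visible in the `action` field: the rule can only recommend the lockout, and the count of unparsed lines is the measure of how far device support lags the feed.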
Event Management Issues
Accuracy - we still see too many false alarms when managing
Manual - people still need to make most of the decisions to counter an attack
No standards for risk ratings, reporting formats
Difficult for management consoles to keep up with device version changes
Event Management Trends
In line – identify threats AND coordinate prevention
Quality of results depends on improving underlying technologies, notably IDS
Convergence with systems mgt vendors
What do I do?
Use a Risk Management approach to determine the level of security management required for your enterprise
Risk = Asset Value * Severity of Vulnerability * Likelihood of successful attack
Allocate security mgt resources to reduce your levels of vulnerability and attack likelihood in order to bring risk to an acceptable level
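The slide gives the risk formula and the allocation goal but no worked instance. The following added example (not from the original talk) applies Risk = Asset Value * Severity of Vulnerability * Likelihood of successful attack to a constructed asset list and then spends a budget on candidate controls, each of which lowers either the severity or the likelihood term, picking the control with the largest risk reduction per unit cost until every asset is at or below an acceptable level or the budget is gone. The numeric scales (asset value 1 to 5, severity and likelihood in 0 to 1), the greedy selection, and all asset and control figures are assumptions of this example, not the speaker's.

```python
"""Risk-driven allocation of security management effort.

Added example, not from the original slides. Applies the talk's formula
Risk = Asset Value * Severity of Vulnerability * Likelihood of successful attack
to constructed assets and controls; scales and the greedy rule are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Asset:
    name: str
    value: float        # business value, assumed 1-5 scale
    severity: float     # severity of the worst open vulnerability, assumed 0-1
    likelihood: float   # likelihood of a successful attack, assumed 0-1


@dataclass
class Control:
    name: str
    asset: str
    cost: float
    severity_factor: float = 1.0    # multiplies severity (e.g. 0.25 after patching)
    likelihood_factor: float = 1.0  # multiplies likelihood (e.g. 0.5 after segmentation)


def risk(a: Asset) -> float:
    """The slide's formula, rounded so results compare cleanly."""
    return round(a.value * a.severity * a.likelihood, 4)


def apply(a: Asset, c: Control) -> Asset:
    """The asset as it would look after the control is in place."""
    return Asset(a.name, a.value, a.severity * c.severity_factor,
                 a.likelihood * c.likelihood_factor)


def allocate(assets: List[Asset], controls: List[Control],
             budget: float, acceptable: float) -> Tuple[List[str], float, Dict[str, float]]:
    """Greedy allocation: repeatedly buy the affordable control with the best
    risk reduction per unit cost for an asset still above `acceptable`.
    Returns (controls chosen, budget left, residual risk per asset)."""
    state = {a.name: a for a in assets}
    remaining = list(controls)
    chosen: List[str] = []
    while True:
        best: Optional[Tuple[float, Control]] = None
        for c in remaining:
            a = state[c.asset]
            if risk(a) <= acceptable or c.cost > budget:
                continue  # already acceptable, or cannot afford it
            gain = (risk(a) - risk(apply(a, c))) / c.cost
            if best is None or gain > best[0]:
                best = (gain, c)
        if best is None:
            break  # nothing affordable moves an asset that is still above target
        _, c = best
        state[c.asset] = apply(state[c.asset], c)
        budget -= c.cost
        chosen.append(c.name)
        remaining.remove(c)
    return chosen, budget, {n: risk(a) for n, a in state.items()}


# Constructed inputs.
ASSETS = [
    Asset("customer-db", value=5, severity=0.8, likelihood=0.6),
    Asset("hr-fileshare", value=4, severity=0.6, likelihood=0.5),
    Asset("lobby-kiosk", value=1, severity=0.9, likelihood=0.9),
]
CONTROLS = [
    Control("patch customer-db", "customer-db", cost=20, severity_factor=0.25),
    Control("segment customer-db", "customer-db", cost=60, likelihood_factor=0.5),
    Control("hr-fileshare access review", "hr-fileshare", cost=30, likelihood_factor=0.4),
    Control("rebuild lobby-kiosk", "lobby-kiosk", cost=10, severity_factor=0.5),
]

if __name__ == "__main__":
    chosen, left, residual = allocate(ASSETS, CONTROLS, budget=100, acceptable=1.0)
    print("chosen:", chosen, "budget left:", left)
    print("residual risk:", residual)
```

With these figures the kiosk is never touched even though its severity and likelihood are the highest of the three: its asset value keeps the product below the acceptable level, which is the point of multiplying rather than scoring each factor alone. With a smaller budget the loop stops with hr-fileshare still above target, and the returned residual risk is what goes to management as the accepted exposure.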
Baseline Management Approach
Identify your existing Baselines/Benchmarks
Set goals for new baselines
Set milestones for new goals
Measure progress
Outsourcing/MSSP Approach
You must have an internal Risk Management program before you can outsource anything
Create SLAs
Measure performance
Summary
Security Management is about taking a …
– Comprehensive
– Integrated
– Proactive
…Approach
Reference listing of companies – http://csoinformer.com/research/sec-mgt.shtml
Questions
How do I cost justify investments in security management?
Will we see large systems management vendors such as IBM and CA dominate the Security management space?
What impact do industry regulations such as HIPAA and GLB have on Security management?
What role does Microsoft play in Security management?
Can I trust product vendors to provide management capabilities for third party products?
What standards can I look to for guidance in Security management?
What is an ISAC?
Is there specific training and certifications I should have for Security management?