TRANSCRIPT
IT Steering Committee Meeting
Security Operations Center
Thursday, January 23, 2014
10:00 am – 11:30 am
Cyber Security Center of Excellence
◦ Strengthen the ability to detect and respond to enterprise-wide cyber incidents/threats
◦ Design a formal enterprise-wide incident response plan
◦ Accelerate integration of tools to support SOC
Security Operations Center
Mission Statement: “To enhance the cyber security posture of the Hawaii State Government through continuous monitoring to proactively identify, isolate and manage security incidents, thereby reducing the risks from potential cyber threats.”
Lessons Learned
◦ Integration
◦ Process
◦ Training
Implementation
◦ Detect
◦ Analyze
◦ Respond
◦ Recover
Enterprise-Wide Incident Response Plan
Implementation - Detect
Detection through ArcSight
◦ Detect intrusions at perimeter, internal network, hosts, applications
Implementation - Analyze
Detailed Analysis with LiveAction
◦ Determine severity, scope, business impact
Implementation - Analyze
Initial Cyber Incident Report
◦ Notification to Business and Program Owners
Implementation - Respond
Response Options
◦ Can stop attack at perimeter, access layer, host, or somewhere in between
Implementation - Recover
Recover systems to normal state
◦ Includes threat removal, damage assessment, forensics, reporting and lessons learned
Recovery workflow:
◦ Plan the Recovery
◦ Collect Incident Data
◦ Cleanup & Recovery of Incident
◦ Forensics - Reconstruct
◦ Damage & Cost Assessment
◦ Revise Plan & Response
◦ Complete Post-Incident Analysis and Reporting
◦ Reporting Internally & to Authorities
Implementation – Verify and Validate
Ensure mitigation efforts were successful
◦ Watch-list monitoring with multiple Cyber Tools
Next Steps
◦ Continue Server Categorization
◦ Defining use cases for Alerting, Reporting and Dashboards in ArcSight
◦ Continue Adversary Hunting
◦ Continued Ingestion of Devices (Servers, Databases, Routers, Switches, Security Systems)
◦ Begin Enterprise-Wide Incident Response Program Development
Thank You