Comprehensive Risk Management for a Cyber-Secure Organization
Presented by Joe Hessmiller, Director, Computer Aid, Inc.
The Take-Away
• Security is a Process.
• All Three Information Security Control Areas (Physical, Technical and Administrative) Rely Heavily on Comprehensive Monitoring to Be Effective.
• Automation is Key to Continuously Monitoring Threat Vulnerabilities (Conditions of Failure).
• Automation is Key to Modifying Behavior by Persistently Enforcing and Reinforcing Security Practices.
At the End of this Presentation You Will Be Able to…
• Present to Stakeholders the Need for Automated Support for Information Security ‘Ensurance’
• Present to Stakeholders an Effective Approach to Automating Information Security ‘Ensurance’
Bad Things Happen to Good Systems
http://seekingalpha.com/article/1324971-pandemic-cyber-security-failures-open-an-historic-opportunity-for-investors
Major Violations Occur Too Frequently
The REAL Challenge of Information Security: Preventing Human Error through Situational Awareness
“Industry has done a great job of increasing productivity and reducing costs, Habibi says, but the time has come to focus on preventing human error. He sees human reliability as the next area ripe for optimization across industry. Optimization is sorely needed here, according to Habibi, because industry has “essentially created a monster of complex information systems combining ERP, production management and real-time systems.”
A key concept of human reliability, according to Habibi, is “situation awareness.” Habibi says that situation awareness is essential to preventing errors because it addresses the physical environment (e.g., control room ergonomics, lighting, temperature, comfort, traffic, noise), organizational culture (e.g., policies and procedures, shift schedules, reporting, work ethic, motivation, training, knowledge and skills) and the human-automation relationship.”
The Human Reliability Challenge, David Greenfield, Director of Content/Editor-in-Chief, AutomationWorld, April 25, 2013
http://www.automationworld.com/safety/human-reliability-challenge
Security is a Process
“If we've learned anything from the past couple of years, it's that computer security flaws are inevitable. Systems break, vulnerabilities are reported in the press, and still many people put their faith in the next product, or the next upgrade, or the next patch. "This time it's secure." So far, it hasn't been.
Security is a process, not a product. Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products. The trick is to reduce your risk of exposure regardless of the products or patches.”
The Process of Security, by Bruce Schneier, Information Security, April 2000
A Complex Process: the Information Security Matrix
Control Functionality (rows) by Control Application Area (columns):

                 Physical | Logical | Administrative
  Preventative
  Detective
  Corrective
  Deterrent
  Recovery
  Compensating

A Complex Process Organized Into the Information Security Matrix: the control application areas are the Areas of Vulnerability; the control functions are the Responses to Threats.
Useful Policies DO Exist
Standards Exist for “Mature” Policies and Procedures
http://www.pkfavantedge.com/wp-content/uploads/2013/COBIT_Security.pdf
http://cmmiinstitute.com/assets/Security-and-CMMI-SVC.pdf
Even Specific Security Standards Exist
NIST SP 800-100 Information Security Handbook: A Guide for Managers
ISO 27002 Information Security – Code of Practice
Checklist Resources Available
http://www.slideshare.net/ATBHATTI/audit-checklist-for-information-systems-14849697
Automated Tools Focused on Specific Threats Exist
• FireEye: Malware Protection Service (MPS)
• Microsoft: Systems Management Server (SMS) and Active Directory (AD)
• Tripwire (nCircle): IP360 and Configuration Compliance Manager
• AlienVault: Unified Security Management
• Symantec: Protection Suite Enterprise Edition (ED), NetBackup and Veritas Cluster Server (VCS)
• pfSense
• APC InfraStruxure
• VMware vSphere
• Honeywell: NOTIFIER fire alarm systems, Access control systems and Intrusion detection systems
“Hard” Data Sources
But, Automation Has a Long Way to Go
Automation possibilities in information security management, 2011,
http://www.sba-research.org/wp-content/uploads/publications/PID1947709.pdf
We Need Comprehensive Monitoring and Control
Effective automation can address the challenges.
Part of the solution is consolidating information security monitoring data into a comprehensive risk management platform for analysis and reporting.
Another part of the solution is getting ALL of the important data. This includes feedback on information security conditions from the people in the process.
Then the main part is possible: changing behaviors BY monitoring and control.
[Diagram: the Administrative Control Silo, Physical Control Silo and Logical Control Silo feed an Automated Conditions Monitoring and Analysis System]
What Does Comprehensive Information Security Automation Look Like?
[Diagram labels: Controls, Mechanisms; Standards, Guidelines]
The “Missing” Link in Information Security Automation
Incorporate:
• “Hard” Data from Automated Systems with
• Human Feedback for
• COMPREHENSIVE Information Security Assessment and
• REINFORCEMENT of Information Security Policies
Automated Security Control Room
[Diagram: ‘Hard’ Data From Monitoring Systems and ‘Soft’ Data From Human Assessments combine into Comprehensive, At-a-Glance Insight Into Info Security Conditions]
Accountability = Behavior Change
• Periodic Assessment
  – Reminders of “Should Do”s
  – Validation of “Did Do”s
  – Two-way Feedback
• Situational Awareness
• Behaviors Change
“What gets measured, gets done.”
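As an added example (not from Hessmiller's deck or any Computer Aid tooling), the matrix slide, the “hard” plus “soft” data control room and the periodic “should do” / “did do” accountability loop can be modelled together: every control sits in one matrix cell, automated feed records and human attestations are consolidated per control, the worst status rolls up to the cell, and overdue validations become reminders. All control names, feeds, people, dates and cadences are constructed.

```python
"""Consolidating 'hard' monitoring data and 'soft' human attestations into the
Information Security Matrix. Added example; all data below is constructed."""
from dataclasses import dataclass
from datetime import date

AREAS = ("Physical", "Logical", "Administrative")        # areas of vulnerability
FUNCTIONS = ("Preventative", "Detective", "Corrective",   # responses to threats
             "Deterrent", "Recovery", "Compensating")
STATUS_RANK = {"n/a": -1, "OK": 0, "REVIEW": 1, "OVERDUE": 2, "FAIL": 3}  # worst wins

@dataclass(frozen=True)
class Control:
    name: str
    area: str               # one of AREAS
    function: str           # one of FUNCTIONS
    attest_every_days: int  # cadence of the periodic "did do" validation

@dataclass(frozen=True)
class HardCondition:        # one record from an automated monitoring feed
    control: str
    when: date
    ok: bool

@dataclass(frozen=True)
class Attestation:          # one "did do" answer from a person in the process
    control: str
    person: str
    when: date
    did_do: bool
    comment: str = ""       # the two-way feedback channel

def latest(records, control):
    """Most recent record for a control, or None when the control has no feed."""
    matching = [r for r in records if r.control == control]
    return max(matching, key=lambda r: r.when) if matching else None

def control_status(ctrl, hard, soft, today):
    """Hard data decides failure; soft data decides accountability."""
    h, s = latest(hard, ctrl.name), latest(soft, ctrl.name)
    if h is not None and not h.ok:
        return "FAIL"       # a monitor reports a condition of failure
    if s is None or (today - s.when).days > ctrl.attest_every_days:
        return "OVERDUE"    # nobody validated the "did do" within the cadence
    if not s.did_do:
        return "REVIEW"     # the person says it was not done while monitors are quiet
    return "OK"

def assess(controls, hard, soft, today):
    return {c.name: control_status(c, hard, soft, today) for c in controls}

def matrix_view(controls, statuses):
    """Roll control statuses up to matrix cells; 'n/a' marks a cell with no control."""
    view = {(a, f): "n/a" for a in AREAS for f in FUNCTIONS}
    for c in controls:
        cell = (c.area, c.function)
        if STATUS_RANK[statuses[c.name]] > STATUS_RANK[view[cell]]:
            view[cell] = statuses[c.name]
    return view

def reminders(controls, statuses, soft):
    """'Should do' reminders for every control whose validation is overdue."""
    out = []
    for c in controls:
        if statuses[c.name] == "OVERDUE":
            s = latest(soft, c.name)
            last = s.when.isoformat() if s else "never"
            out.append(f"Should do: validate '{c.name}' (last validated {last}, "
                       f"required every {c.attest_every_days} days)")
    return out

def render(view, width=15):  # at-a-glance text view of the whole matrix
    rows = ["".ljust(width) + "".join(a.ljust(width) for a in AREAS)]
    for f in FUNCTIONS:
        rows.append(f.ljust(width) + "".join(view[(a, f)].ljust(width) for a in AREAS))
    return "\n".join(rows)

TODAY = date(2013, 10, 1)   # constructed assessment date
CONTROLS = [
    Control("Badge access log review", "Physical", "Detective", 30),
    Control("Server configuration baseline", "Logical", "Preventative", 90),
    Control("Backup restore test", "Logical", "Recovery", 90),
    Control("Policy acknowledgement", "Administrative", "Deterrent", 365),
]
HARD = [  # constructed access-control and configuration-compliance feed records
    HardCondition("Badge access log review", date(2013, 9, 30), True),
    HardCondition("Server configuration baseline", date(2013, 9, 29), True),
    HardCondition("Server configuration baseline", date(2013, 9, 30), False),  # drift found
]
SOFT = [  # constructed periodic-assessment answers
    Attestation("Badge access log review", "facilities lead", date(2013, 9, 20), True),
    Attestation("Server configuration baseline", "sysadmin", date(2013, 9, 25), True),
    Attestation("Backup restore test", "ops", date(2013, 5, 1), True, "restore was slow"),
    Attestation("Policy acknowledgement", "hr", date(2013, 9, 1), False, "new hires outstanding"),
]

if __name__ == "__main__":
    statuses = assess(CONTROLS, HARD, SOFT, TODAY)
    print(render(matrix_view(CONTROLS, statuses)))
    print("\n".join(reminders(CONTROLS, statuses, SOFT)))
```

An empty (n/a) cell is itself a finding: no control at all covers that response in that area.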
Why Automate Control Functionality
• So It Will Be Done Comprehensively
• So It Will Be Done Consistently
• So It Will Be Done Effectively
• So It Will Be Done Efficiently
• So We Will Have Comprehensive Data for Analysis
• BEHAVIOR WILL BE CHANGED

Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 

Automation of Information (Cyber) Security

1. Comprehensive Risk Management for a Cyber-Secure Organization
Presented by Joe Hessmiller, Director, Computer Aid, Inc.

2. The Take-Away
• Security is a Process.
• All Three Information Security Control Areas (Physical, Technical and Administrative) Rely Heavily on Comprehensive Monitoring to Be Effective
• Automation is Key to Continuously Monitoring Threat Vulnerabilities (Conditions of Failure)
• Automation is Key to Modifying Behavior by Persistent Enforcing and Reinforcing of Security Practices

3. At the End of this Presentation You Will Be Able to…
• Present to Stakeholders the Need for Automated Support for Information Security ‘Ensurance’
• Present to Stakeholders an Effective Approach to Automating Information Security ‘Ensurance’

4. Bad Things Happen to Good Systems
Major Violations Occur Too Frequently
http://seekingalpha.com/article/1324971-pandemic-cyber-security-failures-open-an-historic-opportunity-for-investors

5. The REAL Challenge of Information Security: Preventing Human Error through Situational Awareness
“Industry has done a great job of increasing productivity and reducing costs, Habibi says, but the time has come to focus on preventing human error. He sees human reliability as the next area ripe for optimization across industry. Optimization is sorely needed here, according to Habibi, because industry has “essentially created a monster of complex information systems combining ERP, production management and real-time systems.”
A key concept of human reliability, according to Habibi, is “situation awareness.” Habibi says that situation awareness is essential to preventing errors because it addresses the physical environment (e.g., control room ergonomics, lighting, temperature, comfort, traffic, noise), organizational culture (e.g., policies and procedures, shift schedules, reporting, work ethic, motivation, training, knowledge and skills) and the human-automation relationship.”
The Human Reliability Challenge, David Greenfield, Director of Content/Editor-in-Chief, AutomationWorld, April 25, 2013, http://www.automationworld.com/safety/human-reliability-challenge

6. Security is a Process
“If we've learned anything from the past couple of years, it's that computer security flaws are inevitable. Systems break, vulnerabilities are reported in the press, and still many people put their faith in the next product, or the next upgrade, or the next patch. "This time it's secure." So far, it hasn't been. Security is a process, not a product. Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products. The trick is to reduce your risk of exposure regardless of the products or patches.”
The Process of Security, by Bruce Schneier, Information Security, April 2000
8. A Complex Process Organized Into an Information Security Matrix
(Slide diagram: the Information Security Matrix)
Control Application Areas (Areas of Vulnerability): Physical, Logical, Administrative
Control Functionality (Responses to Threats): Preventative, Detective, Corrective, Deterrent, Recovery, Compensating
9. Useful Policies DO Exist
Standards Exist for “Mature” Policies and Procedures
http://www.pkfavantedge.com/wp-content/uploads/2013/COBIT_Security.pdf
http://cmmiinstitute.com/assets/Security-and-CMMI-SVC.pdf

10. Even Specific Security Standards Exist
• NIST SP 800-100 Information Security Handbook: A Guide for Managers
• ISO 27002 Information Security – Code of Practice

12. Automated Tools Focused on Specific Threats Exist (“Hard” Data Sources)
• Fireeye: Malware Protection Service (MPS)
• Microsoft: Systems Management Server (SMS) and Active Directory (AD)
• TripWire (nCircle): IP360 and Configuration Compliance Manager
• AlienVault: Unified Security Management
• Symantec: Protection Suite Enterprise Edition (ED), NetBackup and Veritas Cluster Server (VCS)
• PfSense
• APC Infrastruxure
• VMware vSphere
• Honeywell: NOTIFIER fire alarm systems, Access control systems and Intrusion detection systems

13. But, Automation Has a Long Way to Go
Automation possibilities in information security management, 2011, http://www.sba-research.org/wp-content/uploads/publications/PID1947709.pdf
14. We Need Comprehensive Monitoring and Control
Effective automation can address the challenges. Part of the solution is consolidating information security monitoring data into a comprehensive risk management platform for analysis and reporting. Another part of the solution is getting ALL of the important data. This includes feedback on information security conditions from the people in the process. Then the main part is possible: changing behaviors BY monitoring and control.
(Slide diagram: Administrative Control Silo, Physical Control Silo and Logical Control Silo feeding an Automated Conditions Monitoring and Analysis System)

15. What Does Comprehensive Information Security Automation Look Like?
(Slide diagram: Controls, Mechanisms; Standards, Guidelines)

16. The “Missing” Link in Information Security Automation
Incorporate:
• “Hard” Data from Automated Systems with
• Human Feedback for
• COMPREHENSIVE Information Security Assessment and
• REINFORCEMENT of Information Security Policies
(Slide diagram: Automated Security Control Room receiving ‘Hard’ Data From Monitoring Systems and ‘Soft’ Data From Human Assessments)
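As an added illustration of slides 8, 14 and 16 (not code from the presentation or from Computer Aid, Inc.), the script below consolidates constructed “hard” monitoring records and “soft” human-assessment answers onto the Information Security Matrix (control area × control functionality) and classifies every cell, so that cells with no evidence at all, cells measured only by machines, cells reported only by people, and cells where the two disagree all become visible at a glance. The record layout, source names and status labels are assumptions made for the example.

```python
from collections import Counter

# The matrix axes from slide 8.
AREAS = ("Physical", "Logical", "Administrative")
FUNCTIONS = ("Preventative", "Detective", "Corrective",
             "Deterrent", "Recovery", "Compensating")

# Constructed 'hard' records: what an automated monitor last reported for a control.
HARD = [
    {"area": "Logical", "function": "Preventative", "source": "config-compliance", "ok": True},
    {"area": "Logical", "function": "Detective", "source": "ids", "ok": True},
    {"area": "Physical", "function": "Preventative", "source": "access-control", "ok": True},
    {"area": "Administrative", "function": "Recovery", "source": "backup-job", "ok": False},
]
# Constructed 'soft' records: periodic assessment answers from people in the process.
SOFT = [
    {"area": "Logical", "function": "Preventative", "respondent": "app-team", "ok": False},
    {"area": "Administrative", "function": "Preventative", "respondent": "hr", "ok": True},
    {"area": "Physical", "function": "Preventative", "respondent": "facilities", "ok": True},
]

def consolidate(hard, soft):
    """Group both record kinds into one bucket per matrix cell (area, function)."""
    cells = {(a, f): {"hard": [], "soft": []} for a in AREAS for f in FUNCTIONS}
    for r in hard:
        cells[(r["area"], r["function"])]["hard"].append(r)
    for r in soft:
        cells[(r["area"], r["function"])]["soft"].append(r)
    return cells

def assess(hard, soft):
    """Label each cell: no_evidence, conflict, failing, hard_only, soft_only or ok."""
    findings = {}
    for cell, ev in consolidate(hard, soft).items():
        h, s = ev["hard"], ev["soft"]
        hard_ok = all(r["ok"] for r in h) if h else None   # None = nothing measured
        soft_ok = all(r["ok"] for r in s) if s else None   # None = nobody asked
        if hard_ok is None and soft_ok is None:
            findings[cell] = "no_evidence"
        elif hard_ok is not None and soft_ok is not None and hard_ok != soft_ok:
            findings[cell] = "conflict"      # machine and people disagree: investigate first
        elif False in (hard_ok, soft_ok):
            findings[cell] = "failing"
        elif hard_ok is None:
            findings[cell] = "soft_only"     # the 'missing link' in reverse: no monitor covers it
        elif soft_ok is None:
            findings[cell] = "hard_only"     # measured, never validated with the people involved
        else:
            findings[cell] = "ok"
    return findings

def summary(findings):
    """Counts per status, the at-a-glance view of slide 17."""
    return dict(Counter(findings.values()))
```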
17. Comprehensive, At-a-Glance Insight Into Info Security Conditions

18. Accountability = Behavior Change
• Periodic Assessment
– Reminders of “Should Do”s
– Validation of “Did Do”s
– Two-way Feedback
• Situational Awareness
• Behaviors Change
“What gets measured, gets done.”

19. Why Automate Control Functionality
• So It Will Be Done Comprehensively
• So It Will Be Done Consistently
• So It Will Be Done Effectively
• So It Will Be Done Efficiently
• So We Will Have Comprehensive Data for Analysis
• BEHAVIOR WILL BE CHANGED