A view on Cyber Security
Speech proposed to ISACA Ireland on
Governance Risk and Compliance
Cyber Defense Strategy - Situational Awareness - GRC
Changing viewpoint from the Enterprise IT business
operations space to a new domain, called “Cyber
Territory”, that entails IoT and Cloud, we find it inevitable to
consider a layered and holistic approach to:
- Security Management,
- Risk Containment,
- Threat Response,
- Crisis Management.
Intro
Confidentiality, Integrity and Availability, as “Basic unIT
of information” attributes, are applied to each
information set we map and consider of value for the
uses it is subject to.
Access to, and use of, that information is the key
element for the future of “business”, in a truly
transforming landscape.
CIA to the BIT
The enormous attention we give to Industrial Control
Systems today is a hint of what we can expect from
the near future:
The Information used to control industrial processes, and
wealth assurance and growth, being more valuable than
the product or asset itself.
Information Builds Bridges
( LITERALLY )
How does information surpass the intrinsic value of the
product of its elaboration?
By having, in a controlled (automated) environment,
creative (as well as destructive) power.
The Information piece of IoT and Industrial Control
Networks is the Item (BIT) to which Confidentiality,
Integrity and Availability have to be attentively applied.
Creative Power
Alienation of Data items in an industrial control system
or a data-centric enterprise environment, or IoT, means
disruption of creative processes.
The same applies to wealth management and banking environments.
For this specific reason the “information capital”,
intended as the “Data Set” for these specific purposes,
has to be:
Known, Valued, Managed, Protected, Disposed.
Information as Capital
In this document's introductory slide, a “layered
approach” was mentioned as a key element of a sound
Information and Cyber Security practice.
To explain further, there are two dimensions we can
easily mind-map to progress with the concept:
- Edge-to-Core: when considering the perimeter to the core networks;
- Logical-to-Physical: when considering the top-down network traffic layers.
Layered
Edge to Core
This is where Attack Vector analysis applies.
Logical to Physical
This is where DPI and real-time analytics apply.
Taking from the established GRC and “Active Defense” Information
Security practice, we tend to consider, as ways to protect the
Information Assets:
- Sound Governance of business processes
- Extensive Risk management practice
- Compliance with regulatory frameworks
- Tools and Processes protecting our assets
- Effective Incident Response procedures
There is nothing inefficient in this list, if its items blend.
Holistic
Translating the objectives of Layered and Holistic into practice
is easily done by borrowing the concept of Situational
Awareness.
Applied to the perimeter defences, it means the
combination of proper edge and core security tools.
Applied to communication layers, it has to be reconciled with the
capability of monitoring physical data transmission and its
transformation by application and user access.
Layered Holistic
To properly appreciate an elevated cyber security posture, the two
aspects of:
1) Perimeter and Data Egress points protection
2) Deep to Surface Data Analytics
… shall blend together, aiming for a timely and proactive …
… Situational Awareness.
Information Protection
“Governance, Risk and Compliance”-wide, the concept of
Awareness is partly technological and partly procedural.
It blends system and network status change with the
capability to govern (Vulnerability), a sound scoring
system to track risk and its impact on the business (Risk), and
the capability to have real-time evidence of events (Threats),
linking these feeds to facilitate and improve incident
response capability (Countermeasures).
… all in a world where M stands for Management …
VM – RM – TM – CM
The underestimated gap in GRC programs, around Data
(Information Item or BIT), its Value, its Container, the
Transformation it is subject to, and the desired Outcome
of that transformation, is to apply segregated forms of
protection to it.
A missing goal even for Defense-in-Depth, if left to
mutually unrelated technical capabilities:
The Physical-to-Logical Data monitoring
Deep Inspection and Application Protocol Analysis.
The Emmenthal Effect
( IN SECURITY PROGRAMS STRATEGY )
I substantially want to draw the auditor's attention to the lessons
learned from the latest advanced, or low-and-slow, winning cyber
attack techniques:
- Weak Application Protocols, even where encrypted;
- Flaws in core operating system kernels and modules;
- Holes in (managed) network element firmware;
Opening doors to … Advanced and Persistent Threats.
That’s where I’d like to point at the “age” of these flaws, often
there by design and unnoticed for decades.
“Trailing” Persistent Threats
No matter how complex a network environment is, it
will still fall into a 3D (three-dimensional or more)
layered model:
The perimeter is a layered Candy.
The communication stack is a Milfoil.
Candy and Milfoil
To achieve Situational Awareness, the synergy between the
procedural governance and controls, and visibility across the
communication stack when perimeters are crossed, is key.
In industry-specific scenarios, Industrial Control Systems
more than Financial Systems, the Data Stores, Data
Classification, and allowed Data Transformations are
well-known, helping these use cases to be more easily
implemented.
( easy-to-classify, easy-to-map egress points )
Synergy
Situational Awareness is a live, universal, social and
environmental concept. Applied to the Enterprise, it is a means
to support its body's immune defences and to enable the
evolution of its organs and limbs.
Translating into Compliance and Security Practice, the DPI
and Application Protocol analysis, SIEM, GRC and Vulnerability
Management outputs shall be systematically joined to
achieve:
a brand new level of detection and response capability.
Conclusions

Cyber Security Strategy for a Layered Holistic Approach
