1. November 15, 2016
What’s My Security Policy Doing to My Help Desk?
Chris Swan (@cpswan), CTO Global Infrastructure Services, CSC
2. November 15, 2016 © 2016 Computer Sciences Corporation
Chris Swan – why me?
Combat Systems Engineer - Royal Navy
Security R&D – Credit Suisse
CTO Security - UBS
CTO – Cohesive Networks
CTO, Global Infrastructure Services - CSC
@cpswan
3.
Agenda
• Operational Data Mining and the 3rd DevOps Way
• The #1 issue
• A parable about 802.1X
• Finding a better way
4.
Setting the scene: The 3 DevOps Ways and Operational Data Mining
5.
The 3 ways
1. Flow
2. Feedback
3. Continual Learning & Experimentation
6.
Operational Data Mining (ODM) takes ‘data exhaust’ from service management and ancillary systems
‘Exhausting’ by Ben Salter https://flic.kr/p/8VTaMe
7.
Operational Data Mining focusses on the 3rd Way
1. Flow
2. Feedback
3. Continual Learning & Experimentation
8.
Data helps us find the constraints, then tells us what to do with them
‘Narrow’ by gwire https://flic.kr/p/4d3N4
9.
Constraint unblocking helps provide better flow and feedback
1. Flow
2. Feedback
3. Continual Learning & Experimentation
10.
Data provides a means of empowerment to front line staff
“I knew that, I knew that we needed to do that”
12.
#1 - Password reset related issues
[Chart: Service Desk Incident Tickets, August 2014 – August 2015, n = 67k tickets. Segments: Account Login Tickets (31%); Escalated to Other Queues; No Resolving Action Required (note 1); Other, Completed by Service Desk]
[Chart: Account Reset Tickets, August 2014 – August 2015, n = 21k tickets. Segments: AD Accounts (34%); Rater Portal Accounts; Mainframe Accounts; Other Accounts]
Note 1: These are primarily calls chasing other previously opened tickets.
For incidents where the Service Desk is the resolver of the incident, account issues represent the vast majority of these tickets.
The Service Desk typically spends 5-10 min of effort on each of these reset tickets, although occasionally tickets are re-opened again later if the user calls back a 2nd or 3rd time.
13.
AD account lockout issues: Multiple incidents in the past year by user
14.
AD account lockout issues: 3+ incidents in the past year
15.
Service desk volume for AD account locking tickets: Users with the same problem 3+ times in last year
16.
A deeper analysis reveals that users often experience these repeat issues in quick succession
• Of those users that have the same issue multiple times, these multiple occurrences often occur in quick succession
• This, along with additional observations in the ticket notes, indicates that the help desk is often not resolving the underlying issue behind the incident, which then generates more incidents
• Users are often connected to different support personnel on each call, so the Service Desk often does not notice that it is repeatedly unlocking accounts for the same users without fixing the root cause of the issue
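Added example (not from the original slides): one way to surface the pattern described above from a ticket export, listing users with 3+ AD lockout tickets, their largest burst of tickets in quick succession, and how many different agents handled that burst. The record layout, the category label and the 2-day window are assumptions, and the sample tickets are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample tickets: (ticket id, user, category, opened, agent).
TICKETS = [
    ("T1", "alice", "AD lockout", "2015-03-02 09:10", "agent1"),
    ("T2", "alice", "AD lockout", "2015-03-02 14:40", "agent2"),
    ("T3", "alice", "AD lockout", "2015-03-03 08:55", "agent3"),
    ("T4", "bob", "AD lockout", "2014-09-01 10:00", "agent1"),
    ("T5", "bob", "AD lockout", "2015-02-11 16:20", "agent1"),
    ("T6", "carol", "AD lockout", "2015-05-20 11:00", "agent2"),
    ("T7", "alice", "Mainframe reset", "2015-03-02 15:00", "agent2"),
    ("T8", "alice", "AD lockout", "2015-07-15 09:00", "agent1"),
]

def repeat_lockouts(tickets, category="AD lockout", min_incidents=3,
                    window=timedelta(days=2)):  # window is an assumed value
    """Return {user: summary} for users with min_incidents+ tickets."""
    by_user = defaultdict(list)
    for tid, user, cat, opened, agent in tickets:
        if cat == category:
            by_user[user].append(
                (datetime.strptime(opened, "%Y-%m-%d %H:%M"), tid, agent))
    report = {}
    for user, rows in by_user.items():
        if len(rows) < min_incidents:
            continue
        rows.sort()
        # Split the user's tickets into bursts: a new burst starts when the
        # gap since the previous ticket exceeds the window.
        bursts = [[rows[0]]]
        for prev, cur in zip(rows, rows[1:]):
            if cur[0] - prev[0] <= window:
                bursts[-1].append(cur)
            else:
                bursts.append([cur])
        worst = max(bursts, key=len)
        report[user] = {
            "incidents": len(rows),
            "largest_burst": [tid for _, tid, _ in worst],
            # Many agents in one burst: nobody sees the repeat pattern.
            "agents_in_burst": len({agent for _, _, agent in worst}),
        }
    return report

if __name__ == "__main__":
    for user, summary in repeat_lockouts(TICKETS).items():
        print(user, summary)
```

A burst handled by several different agents is the case the slide describes: each agent unlocks the account once and the repeat is only visible in the aggregated data.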
17.
A parable about WiFi authentication: Why 802.1X for BYOD can be a really bad idea
18.
It all seems so simple
19.
When ‘one password’ lets you down
[Diagram labels: “I have the old password”; “Password reset”]
21.
First it was CESG in the UK
Source: http://www.theregister.co.uk/2016/05/05/stop_resetting_your_password_says_uk_spy_network/
22.
Then NIST in the US
Source: https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/
23.
This isn’t a withdrawal from password security
24.
My colleagues produced a white paper on this topic
Source: http://assets1.csc.com/cybersecurity/downloads/THE_PROBLEM_WITH_P4__W0RDS_.pdf
25.
Let’s not pretend that this is an easy fix
26.
When systems and culture collide
28.
Summary
• Operational Data Mining and the 3rd DevOps Way
• The #1 issue
• A parable about 802.1X
• Finding a better way
29.
Thanks to the sponsors and supporters