Enumerating Your Shadow IT Attack Surface

Key Discussion Points:
1. Causes of recent breaches – learning
2. Threat Taxonomy
3. Program structure – Detect & Respond
4. Getting management buy-in

  1. CISO Platform Playbook Roundtable: Analysing Recent Indian Breaches: Strategies To Detect & Respond
  2. Build Tangible Community Goods Through Sharing & Collaboration
     • Frameworks, Checklists, Playbooks..
  3. Today’s Goal: Build A Tangible Community Good
     • Deliverable: Playbook for Building an APT Security Architecture
     • Key Discussion Points:
       • Causes of recent breaches – learning
       • Threat Taxonomy
       • Program structure – Detect & Respond
       • Getting management buy-in
     • Timeline: Next 60 mins.. We will start with an empty slide..
  4. Breach Analysis And Learning (Case Study 1)
     • Breach Description
       • End point compromise through APT style targeted phishing
       • Attacker was targeting a specific customer through Wipro
     • Learning
       • Zero trust approach
       • Awareness (hygiene) is not enough
       • Better PR execution
       • 3rd party monitoring
  5. Breach Analysis And Learning (Case Study 2)
     • Breach Description
       • Database exposure through web-app
     • Learning
       • Monitor shadow IT
       • 3rd party monitoring
       • Inventory management
       • Responding to and “thanking” researchers + VDP
  6. Detection Program
     • SOC – SIEM with focus on Human / UEABA
     • Threat hunting
     • Deception
     • Monitor shadow IT
     • 3rd party monitoring – OSINT + Rating
     • Inventory management (External & Internal)
     • Continuous red teaming
     • Process
  7. Response & Recovery Program Structure
     • Communication / PR
     • VDP
     • External communication
     • Internal process + playbook to handle disclosure
     • Internal response drills + CCMP
     • Insurance
     • Awareness
  8. Should We Disclose?
     • Management
       • Yes
     • Board
       • Major issue – Yes
     • Regulator
       • Based on regulation
     • Affected/Impacted customers
       • Yes
     • Affected/Impacted End Users
       • Yes
     • Not Impacted
       • Gray (Amazon disclosed)
     • Impact of not disclosing
       • Due diligence
       • Future acquisition
       • Loss of customer confidence
       • Brand loss
       • Loss of confidence at Board/Mgmt level
  9. Setting Expectations With Management
     • Setting expectation
       • We can be breached.. 100% security is not possible
       • Cyber breach / crisis management drill
       • Additional budget
     • What works?
       • Inform them on breaches and impact in the peer group
       • We have the following controls – recommend additional controls and cost
       • Showing current investment has helped prevent certain breaches
       • Utilize regulators
       • Customer expectations – RFPs
       • Business impact of not having a control
     • What doesn’t?
       • Giving technical details or using technical terms – convert to business terms/impact
       • Budget for tools
  10. Vendor Risk
     • Audits/Checklists – publicly available
       • Google vendor assessment
       • ISACA
       • SIG
     • Use monitoring/rating tools
  11. Thank You