From Boardroom to War Room:
Practical Application of the NIST
Cybersecurity Framework
2018 ISACA SECURITY & RISK CONFERENCE
29 OCTOBER 2018
Speaker Bio (slide 2)
Rob Samuel, CISSP
Chief Cybersecurity Officer
Province of Nova Scotia
Contact Information:
Robert.Samuel@novascotia.ca
(902) 222-6685
Experience
• Communications and Electronics Engineering Officer (2001-2006)
• Senior System Analyst (2006-2010)
• Manager – Client Services (2010-2013)
• Senior Advisor – Cyber and IT Security (2013-2016)
• Chief Cybersecurity Officer (2016-Present)
Education
• Bachelor of Technology (Information Management) – Cape Breton University
• Computer Information Systems (Diploma) – Cape Breton University
• Canadian Forces School of Communications and Electronics
• Information Assurance and Security – University of Winnipeg
Boards and Affiliations
• National CIO Subcommittee on Information Protection (NCSIP) - Chair
• Microsoft Canadian Security Council - Member
Presentation Outline (slide 3)
• Overview of the Problem
• Possible Solutions
• Cybersecurity Framework Overview
• How I Use The Framework
ARE WE SECURE? (slide 4)
A CLEAR VIEW OF RISKS, THREATS, IMPACTS, ETC. (slide 5)
SECURITY OFTEN SPEAKS A DIFFERENT LANGUAGE (slide 6)
What Doesn’t Work? FEAR, UNCERTAINTY AND DOUBT (slides 7-8)
What Doesn’t Work? ACRONYMS (WE NEED TO SPEAK THE SAME LANGUAGE) (slide 9)
Source: RSA Conference 2017, “Briefing the Board: Lessons Learned From CISOs and Directors”
What Doesn’t Work? PEW! PEW! (slide 10)
SHOW HOW CYBERSECURITY HELPS MANAGE BUSINESS RISKS (IT’S NOT AN IT ISSUE) (slide 12)
Risks could hinder the organization’s ability to achieve its priorities and objectives.
Business Risks: Financial Risk, Operational Risk, Strategic Risk, Reputational Risk, Patient Safety Risk
Cybersecurity: Confidentiality, Integrity, Availability, Third Party
Bad Outcomes & Negative Impacts:
• A breach of information exposes a sensitive strategic organizational priority.
• A ransomware infection prevents access to medical records and impacts the ability to deliver services to patients.
• A cyber attack prevents us from processing financial transactions (lost employee productivity, litigation) or manipulates staff to send money to fake accounts (cyber-enabled financial fraud).
• Inadequate security causes a loss or disclosure of private information resulting in loss of public trust.
• Medical equipment is installed with security weaknesses allowing threat actors to alter drug dosing (potentially lethal consequences).
Some Options That May Work
SANS SECURITY MATURITY MODEL (slide 13)
GARTNER IT SCORE OVERVIEW FOR SECURITY RISK MANAGEMENT (slide 14)
GARTNER FOR IT LEADERS TOOLKIT (slide 15)
FRAMEWORK: “A frame or structure composed of parts fitted and joined together.” (slide 17)
Establishing a Common Lexicon (slide 18)
A framework is a foundational tool to communicate with stakeholders at all levels (CISO, clients and stakeholders).
Cybersecurity Framework: a common language to help organizations understand, manage and reduce cybersecurity risks.
A framework helps your organization understand:
• Where are you today?
• How are you doing?
• Where do you need to improve?
• How do you measure progress?
Establishing a Common Lexicon (slide 19)
Source: NIST Cybersecurity Framework 101
The Framework Has 5 Core Functions (slide 20)
• Identify: Do we understand our risks?
• Protect: Do we have adequate safeguards?
• Detect: Can we detect anomalies and incidents?
• Respond: Can we address incidents?
• Recover: Can we effectively restore capabilities post-incident?
Core Functions Are Broken Down Into Categories (slide 21)
Categories Have a Reference ID (slide 22)
Categories Are Mapped to Subcategories (slide 23)
Perform a Self Assessment (slide 25)
Establish Your Baseline Maturity (slide 26)
Communicate Your Security Maturity (Americas) (slide 27) and (APAC) (slide 28)
[Chart: for each Function (Identify, Protect, Detect, Respond, Recover), Current Maturity and Targeted Maturity by FY 20-21 are plotted on the scale Initial – Repeatable – Defined – Managed – Optimized, alongside the Industry Benchmark and the World-Class Benchmark.]
Build Your Security Program Roadmap (slide 29)
[Roadmap chart: initiatives laid out across 2018 and 2019, grouped by Major Theme and tagged to a Function (Identify, Protect, Detect, Respond, Recover).]
Major Themes: Governance; Increase Situational Awareness; Endpoint Protection; User Education & Awareness; Incident Response Plans; Core Enhancements
Initiatives:
• Risk Assessment
• Establish Cyber Risk Council
• Asset Inventory Identification & Prioritization
• Network Monitoring
• Procure & Deploy Tanium
• Update Awareness Policy
• Deploy Cofense
• Create Incident Response Playbooks
• Define Incident Response Roles & Responsibilities
• Communications Plan & Process
• Windows XP Upgrade
• Multi-Factor Authentication
TACTICAL PLAN: ASSET INVENTORY (slide 30)
Function tags: Identify / Protect / Detect / Respond / Recover
Work Status: Implementation Stage
Investment Status: Approved
Project Description: Procure and implement an asset inventory suite.
Key Milestones/Tasks (Date | Status | Comments):
1. Obtain permanent O&M funding – Complete
2. Convert existing services to new service – Complete
3. Declare updated service operational – Complete
4. Automate reporting and asset management – In Progress
How Will We Measure Success (Key Metric | Target):
• Hardware and software automatically detected in real-time – 100%
• Identification of unauthorized hardware and software – 100%
Strategic Objectives Supported:
• [Objective #1]: Drive efficiency and cost reduction
• [Objective #2]: Increase security
• [Objective #3]: Reduce client downtime
• [Objective #4]:
• [Objective #5]: Improve situational awareness
Potential Issues / Implementation Risks:
• [Issue #1]: No procurement vehicle in place
• [Issue #2]: Migrating to a new tool
• [Issue #3]: Subscription Service model
Resource Summary:
• Team leader / Point of Contact: Rob Samuel
• Core team members:
• Vendor liaison:
Cost Estimates (Indicative) (Category | Cost):
• Capital Procurement: $
• Implementation: $
• Sustainment (O&M): $
• Sustainment (FTE):
TACTICAL PLAN: INCIDENT RESPONSE (slide 31)
Function tags: Identify / Protect / Detect / Respond / Recover
Work Status: In Progress
Investment Status: Pending Approval
Project Description: Develop and implement security incident response playbooks.
Key Milestones/Tasks (Date | Status | Comments):
1. – Not Started
2. 1/28/2016 – Not Started
3. 2/3/2016 – Not Started
4. 2/8/2016 – Not Started
How Will We Measure Success (Key Metric | Target):
Strategic Objectives Supported:
• [Objective #1]: Decrease time to resolve incidents
• [Objective #2]: Increase efficiencies
• [Objective #3]: Reduce client downtime
• [Objective #4]:
• [Objective #5]:
Potential Issues / Implementation Risks:
• [Issue #1]:
• [Issue #2]:
• [Issue #3]:
Resource Summary:
• Team leader / Point of Contact:
• Core team members:
• Vendor liaison:
Cost Estimates (Indicative) (Category | Cost):
• Capital Procurement:
• Implementation:
• Sustainment (O&M):
• Sustainment (FTE):
Map Your Plans and Requests to the Framework (slide 32)
Function tags: Identify / Protect / Detect / Respond / Recover
Increase Workforce Education and Awareness
Risk Status: Our employees and staff are largely unaware of cyber threats. Tricking unsuspecting people (social engineering) into opening fake emails or malicious documents/links (phishing attacks) is the most common cause of cybersecurity incidents and data breaches.
Risk Velocity: We can’t block all phishing attacks; approximately X phony emails get past our defences and are delivered to staff email inboxes each month, with X% - X% of staff falling victim.
Mitigation Plan Overview:
• Implement an enterprise-wide cybersecurity awareness and education program
• Improve the effectiveness of our existing secure email gateways (blocks fake emails)
• Investigate alternative secure email gateway solutions
• Implement modern anti-virus solutions to help protect users from malicious emails
• Launch internal phishing campaigns to help users learn and reduce their susceptibility
How You Can Help:
• Set a tone from the top in support of enterprise-wide cybersecurity improvements
• Support the implementation of mandatory annual cybersecurity awareness training
• Support internal phishing campaigns
Use Lessons Learned from Security Incidents as Roadmap Updates (slide 33)
These are inputs into our cybersecurity roadmap (Lessons Learned | Remediation Steps):
• Lesson: Critical systems lack good controls hygiene, leaving them vulnerable to known malware.
  Remediation: Work with IT to improve security controls hygiene tracking on critical systems and create incentives for better performance.
• Lesson: Incident response is hampered by a lack of pre-defined communication channels.
  Remediation: Establish an incident response playbook and define roles, responsibilities and communications channels for all stakeholders. Perform a series of table top exercises to practice incident response and refine incident response processes with stakeholders.
Apply Lessons Learned to Plan Improvements (slide 34)
[The 2018-2019 roadmap chart from slide 29 (Major Themes: Governance; Increase Situational Awareness; Endpoint Protection; User Education & Awareness; Incident Response Plans; Core Enhancements, with the same initiatives tagged to a Function) repeated with items added post-breach.]
Added Post Breach:
• Establish Pre-Defined Communication Channels
• Identify Control Owners
• Improve Hygiene (new theme): Set Hygiene Goals; Measure & Report Improvements
• Table Top 1; Table Top 2
Explain How Cyber Incidents to External Companies Relate to Your Organization (slide 35)
Ukraine Attack vs. Our Organization (tagged by Function: Identify / Protect / Detect / Respond / Recover)
• Ukraine Attack: State-sponsored attacker gained access into the power company’s SCADA using a known piece of malware. Effective patching may have prevented the attacker from gaining access to systems.
  Our Organization: We continue to prioritize system patching as part of our security controls hygiene.
• Ukraine Attack: The attacker deliberately damaged the SCADA system (servers and workstations) to delay the restoration of power. Staff switched to ‘manual mode’ and restored the system.
  Our Organization: We have the capability to switch to back-up, off-line critical systems in the event of a disruption.
• Ukraine Attack: The attacker flooded call centers to disrupt customer reports of power outages and launched a coordinated DDoS attack on the company website. Improved controls would have reduced the impact of these attacks.
  Our Organization: We are investing and will upgrade our DDoS protection.
Closing Recommendations
Gather Information About Your Environment (Provide Fact-Based Evidence) (slide 37)
• Technical & Administrative Details
  • Business Units, Departments, Services
  • Governance, Assets, Processes, Architectures, Capabilities, etc.
• Historical Information Sources
  • Cyber Insurance
  • Organizational Risk Assessments
  • Continuous Improvement Plans
  • Audits or Independent Assessments
• Comparison to Industry Best Practices
  • Center for Internet Security – Top 20 Critical Security Controls
  • Communications Security Establishment – Top 10 IT Security Actions
  • Australian Signals Directorate – Essential Eight Cybersecurity Incident Mitigation Strategies
  • Gartner – IT Key Metrics Data
Perform Self Assessments (Center for Internet Security – Critical Controls) (slide 38)
Source: Audit Scripts, CSC initial assessment tool v7
Baseline Your Org Against Best Practices (Center for Internet Security – Critical Controls) (slide 39)
CENTER FOR INTERNET SECURITY – CRITICAL SECURITY CONTROLS, each rated Not Met / Partially Met / Implemented:
1. Inventory and Control of Hardware Assets
2. Inventory and Control of Software Assets
3. Continuous Vulnerability Management
4. Controlled Use of Administrative Privileges
5. Secure Configuration for Hardware and Software on Mobiles, Laptops, Workstations and Servers
6. Maintenance, Monitoring and Analysis of Audit Logs
7. Email and Web Browser Protections
8. Malware Defences
9. Limitation and Control of Network Ports, Protocols and Services
10. Data Recovery Capabilities
11. Secure Configuration for Network Devices (Firewalls, Routers, Switches)
12. Boundary Defence
13. Data Protection
14. Controlled Access Based on Need to Know
15. Wireless Access Control
16. Account Monitoring and Control
17. Implement a Security Awareness and Training Program
18. Application Software Security
19. Incident Response and Management
20. Penetration Tests and Red Team Exercises
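The maturity slides (27-28) and the self-assessment slide above describe the same pipeline: rate each control, roll the ratings up to a maturity level per Framework function, compare with the FY target, and check that the roadmap addresses every gap. The following script is an added example written for this page, not code from the talk or from the Province of Nova Scotia. The control numbers and the Not Met / Partially Met / Implemented statuses are from the slide; the mapping of each CIS control to a CSF function, the score per status, the score-to-level thresholds, the sample ratings and the function tag on each roadmap initiative are assumptions made for the example.

```python
"""Roll a control-level self-assessment up to NIST CSF function maturity.

Added example, not from the talk. Control numbers and the Not Met /
Partially Met / Implemented statuses come from the slides; which CSF
function each control is tallied under, the score per status and the
maturity thresholds are assumptions chosen for this example.
"""
from collections import defaultdict

FUNCTIONS = ["Identify", "Protect", "Detect", "Respond", "Recover"]

# Assessment statuses from the slide, with an assumed numeric score each.
STATUS_SCORE = {"Not Met": 0.0, "Partially Met": 0.5, "Implemented": 1.0}

# Five-level scale from the maturity slides; score-to-level cut-offs are assumed.
MATURITY_LEVELS = ["Initial", "Repeatable", "Defined", "Managed", "Optimized"]

# Assumed mapping of CIS control number -> CSF function it is tallied under.
CONTROL_FUNCTION = {
    1: "Identify", 2: "Identify", 3: "Identify",
    4: "Protect", 5: "Protect", 7: "Protect", 8: "Protect", 9: "Protect",
    11: "Protect", 12: "Protect", 13: "Protect", 14: "Protect",
    15: "Protect", 17: "Protect", 18: "Protect",
    6: "Detect", 16: "Detect",
    19: "Respond", 20: "Respond",
    10: "Recover",
}


def function_scores(assessment):
    """assessment: {cis_control_number: status}. Returns {function: mean score 0..1}."""
    scores = defaultdict(list)
    for control, status in assessment.items():
        if status not in STATUS_SCORE:
            raise ValueError(f"control {control}: unknown status {status!r}")
        if control not in CONTROL_FUNCTION:
            raise ValueError(f"control {control}: not mapped to a function")
        scores[CONTROL_FUNCTION[control]].append(STATUS_SCORE[status])
    return {fn: sum(v) / len(v) for fn, v in scores.items()}


def maturity_level(score):
    """Map a 0..1 score to a level: each level spans one fifth of the range."""
    idx = min(int(score * len(MATURITY_LEVELS)), len(MATURITY_LEVELS) - 1)
    return MATURITY_LEVELS[idx]


def maturity_gaps(assessment, targets):
    """Return (function, current, target, levels_short) for each function
    below its target; a function with no assessed controls scores 0."""
    scores = function_scores(assessment)
    gaps = []
    for fn in FUNCTIONS:
        current = maturity_level(scores.get(fn, 0.0))
        short = MATURITY_LEVELS.index(targets[fn]) - MATURITY_LEVELS.index(current)
        if short > 0:
            gaps.append((fn, current, targets[fn], short))
    return gaps


def uncovered_functions(gaps, roadmap):
    """roadmap: list of (initiative, function). Return the gap functions that
    no roadmap initiative is mapped to, i.e. gaps the plan does not address."""
    covered = {fn for _, fn in roadmap}
    return [gap[0] for gap in gaps if gap[0] not in covered]


# Constructed sample assessment (statuses are made up for illustration).
SAMPLE_ASSESSMENT = {
    1: "Implemented", 2: "Partially Met", 3: "Not Met",
    4: "Partially Met", 5: "Partially Met", 6: "Partially Met",
    7: "Implemented", 8: "Implemented", 9: "Partially Met",
    10: "Implemented", 11: "Partially Met", 12: "Implemented",
    13: "Not Met", 14: "Partially Met", 15: "Implemented",
    16: "Not Met", 17: "Not Met", 18: "Not Met",
    19: "Not Met", 20: "Not Met",
}

# Constructed FY 20-21 targets per function.
SAMPLE_TARGETS = {"Identify": "Managed", "Protect": "Managed",
                  "Detect": "Defined", "Respond": "Defined", "Recover": "Managed"}

# Initiatives named on the roadmap slide; the function tag on each is assumed.
SAMPLE_ROADMAP = [
    ("Asset Inventory Identification & Prioritization", "Identify"),
    ("Multi-Factor Authentication", "Protect"),
    ("Create Incident Response Playbooks", "Respond"),
]

if __name__ == "__main__":
    gaps = maturity_gaps(SAMPLE_ASSESSMENT, SAMPLE_TARGETS)
    for fn, current, target, short in gaps:
        print(f"{fn:8s} {current:10s} -> {target:10s} ({short} level(s) short)")
    print("Gaps with no roadmap initiative:", uncovered_functions(gaps, SAMPLE_ROADMAP))
```

With the constructed sample, Recover already exceeds its target and is not reported, Respond is two levels short, and Detect is the one gap with no initiative on the roadmap, which is exactly the kind of finding the deck's "map your plans to the framework" step is meant to surface before a board briefing. A real assessment would replace the assumed control-to-function mapping with the organization's own (for instance the CSF informative references for each subcategory) and would weight controls rather than averaging them equally.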
CYBERSECURITY STRATEGY AND PLANNING (slide 40)
Enterprise Cybersecurity Program Planning
• Charter: Mission; Vision; Mandate; Principles
• Strategy: Purpose; Current State / Gaps; Strategic Plan; Priorities; Action Plan; Roadmap
• Organization: Organizational Structure; Governance; Authorities; Business Processes
• People: Function, Category, Role; Knowledge & Skills; Strategic Intake Plan; Succession Planning; Talent Management
• Supports: IT Capabilities; Budget Allocations; HR Allocations; Organizational Priority
• Results: Outcomes; Business Benefits; KRIs / KPIs; Security Maturity; Annual Report
Guiding Principles
1. Understand Your Audience
   • Articulate the Business Risks
2. Keep It Simple
   • No Acronyms
   • Easy to Understand Language
   • Be Brief, Be Bright, Be Gone
3. Do Not Use Fear, Uncertainty and Doubt
   • Provide Facts, Relevant to Your Industry / Organization
4. Map Topics Back to the Overall Strategy
Questions?

Rise of the Machines: Known As Drones...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 

Practical Application of the NIST Cybersecurity Framework

  • 1. From Boardroom to War Room: Practical Application of the NIST Cybersecurity Framework. 2018 ISACA Security & Risk Conference, 29 October 2018.
  • 2. Speaker Bio: Rob Samuel, CISSP, Chief Cybersecurity Officer, Province of Nova Scotia. Contact: Robert.Samuel@novascotia.ca, (902) 222-6685.
    Experience: Communications and Electronics Engineering Officer (2001-2006); Senior System Analyst (2006-2010); Manager – Client Services (2010-2013); Senior Advisor – Cyber and IT Security (2013-2016); Chief Cybersecurity Officer (2016-Present).
    Education: Bachelor of Technology (Information Management) – Cape Breton University; Computer Information Systems (Diploma) – Cape Breton University; Canadian Forces School of Communications and Electronics; Information Assurance and Security – University of Winnipeg.
    Boards and Affiliations: National CIO Subcommittee on Information Protection (NCSIP) – Chair; Microsoft Canadian Security Council – Member.
  • 3. Presentation Outline: Overview of the Problem; Possible Solutions; Cybersecurity Framework Overview; How I Use the Framework.
  • 5. A CLEAR VIEW OF RISKS, THREATS, IMPACTS, ETC.
  • 6. SECURITY OFTEN SPEAKS A DIFFERENT LANGUAGE
  • 7. What Doesn't Work? FEAR, UNCERTAINTY AND DOUBT
  • 8. What Doesn't Work? FEAR, UNCERTAINTY AND DOUBT
  • 9. What Doesn't Work? ACRONYMS (WE NEED TO SPEAK THE SAME LANGUAGE). Source: RSA Conference 2017, "Briefing the Board: Lessons Learned From CISOs and Directors".
  • 11. Presentation Outline: Overview of the Problem; Possible Solutions; Cybersecurity Framework Overview; How I Use the Framework.
  • 12. SHOW HOW CYBERSECURITY HELPS MANAGE BUSINESS RISKS (IT'S NOT AN IT ISSUE)
    Cybersecurity risks (confidentiality, integrity, availability, third party) could hinder the organization's ability to achieve its priorities and objectives. Bad outcomes and negative impacts, by business risk:
    Strategic Risk – A breach of information exposes a sensitive strategic organizational priority.
    Operational Risk – A ransomware infection prevents access to medical records and impacts the ability to deliver services to patients.
    Financial Risk – A cyber attack prevents us from processing financial transactions (lost employee productivity, litigation) or manipulates staff to send money to fake accounts (cyber-enabled financial fraud).
    Reputational Risk – Inadequate security causes a loss or disclosure of private information resulting in loss of public trust.
    Patient Safety Risk – Medical equipment is installed with security weaknesses allowing threat actors to alter drug dosing (potentially lethal consequences).
  • 13. Some Options That May Work: SANS SECURITY MATURITY MODEL
  • 14. Some Options That May Work: GARTNER IT SCORE OVERVIEW FOR SECURITY RISK MANAGEMENT
  • 15. Some Options That May Work: GARTNER FOR IT LEADERS TOOLKIT
  • 16. Presentation Outline: Overview of the Problem; Possible Solutions; Cybersecurity Framework Overview; How I Use the Framework.
  • 17. FRAMEWORK: "A frame or structure composed of parts fitted and joined together."
  • 18. Establishing a Common Lexicon. A framework is a foundational tool to communicate with stakeholders at all levels (CISO, clients and stakeholders): a common language to help organizations understand, manage and reduce cybersecurity risks. A framework helps your organization understand: Where are you today? How are you doing? Where do you need to improve? How do you measure progress?
  • 19. Establishing a Common Lexicon. Source: NIST Cybersecurity Framework 101.
  • 20. The Framework Has 5 Core Functions: Identify – Do we understand our risks? Protect – Do we have adequate safeguards? Detect – Can we detect anomalies and incidents? Respond – Can we address incidents? Recover – Can we effectively restore capabilities post-incident?
  • 21. Core Functions Are Broken Down Into Categories.
  • 22. Categories Have a Reference ID.
  • 23. Categories Are Mapped to Subcategories.
  • 24. Presentation Outline: Overview of the Problem; Possible Solutions; Cybersecurity Framework Overview; How I Use the Framework.
  • 25. Perform a Self Assessment.
  • 26. Establish Your Baseline Maturity.
  • 27. Communicate Your Security Maturity (Americas). Chart: for each function (Identify, Protect, Detect, Respond, Recover), current maturity, targeted maturity by FY 20-21, industry benchmark and world-class benchmark, plotted on the scale Initial, Repeatable, Defined, Managed, Optimized.
  • 28. Communicate Your Security Maturity (APAC). Same chart layout as slide 27, for the APAC view.
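The roll-up behind slides 25 to 28 (score each subcategory in a self-assessment, then report one current and one target maturity per core function) is worth scripting so the numbers are reproducible from one assessment to the next. The block below is an added example, not code from the deck or from NIST. It validates subcategory reference IDs in the CSF v1.1 naming convention (Function.Category-Number, e.g. ID.AM-1), rolls 0–5 maturity scores up to the five functions, and lists the gap to target. The scores and the target of "Defined" for every function are constructed for illustration. It also shows the caveat a practitioner wants before the chart goes to the board: a mean roll-up can report Protect as Repeatable while the awareness subcategory sits at Initial, whereas the conservative "min" roll-up does not hide that.

```python
"""Roll NIST CSF self-assessment scores up to the five core functions.

Added example, not code from the original deck. Subcategory IDs follow the
CSF v1.1 naming convention (Function.Category-Number, e.g. ID.AM-1); the
scores and targets below are constructed for illustration.
"""
from __future__ import annotations

import math
import re
from collections import defaultdict
from statistics import mean

# The five core functions and their two-letter reference-ID prefixes.
FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}

# Maturity scale used on the "Communicate Your Security Maturity" slides.
MATURITY = {0: "None", 1: "Initial", 2: "Repeatable", 3: "Defined",
            4: "Managed", 5: "Optimized"}

# Function.Category-Number, e.g. PR.AC-1. Anything else is rejected.
SUBCATEGORY_RE = re.compile(r"^(ID|PR|DE|RS|RC)\.([A-Z]{2})-(\d+)$")


def parse_subcategory(sub_id: str) -> tuple[str, str, int]:
    """Split 'PR.AC-1' into ('PR', 'AC', 1); raise ValueError for malformed IDs."""
    m = SUBCATEGORY_RE.match(sub_id)
    if not m:
        raise ValueError(f"not a CSF subcategory reference ID: {sub_id!r}")
    func, cat, num = m.groups()
    return func, cat, int(num)


def validate_scores(scores: dict[str, int]) -> None:
    """Every ID must parse and every score must be on the 0-5 scale."""
    for sub_id, score in scores.items():
        parse_subcategory(sub_id)
        if score not in MATURITY:
            raise ValueError(f"{sub_id}: score {score!r} is not on the 0-5 scale")


def roll_up(scores: dict[str, int], how: str = "min") -> dict[str, float]:
    """Aggregate subcategory scores to one number per core function.

    how="min"  : a function is only as mature as its weakest subcategory
                 (the conservative view; the one to put in front of a board).
    how="mean" : average across subcategories; a few well-scored
                 subcategories can mask one that is not addressed at all.
    """
    if how not in ("min", "mean"):
        raise ValueError(f"unknown roll-up method: {how!r}")
    validate_scores(scores)
    per_function: dict[str, list[int]] = defaultdict(list)
    for sub_id, score in scores.items():
        func, _, _ = parse_subcategory(sub_id)
        per_function[FUNCTIONS[func]].append(score)
    agg = {"min": min, "mean": mean}[how]
    # A function with no scored subcategories is reported as 0, never omitted:
    # an unassessed function must not disappear from the chart.
    return {name: float(agg(per_function[name])) if per_function[name] else 0.0
            for name in FUNCTIONS.values()}


def maturity_label(score: float) -> str:
    """Map a (possibly fractional) score to the level it has fully reached."""
    return MATURITY[math.floor(score)]


def gap_report(scores: dict[str, int], targets: dict[str, int],
               how: str = "min") -> list[tuple[str, float, int, float]]:
    """Return (function, current, target, gap) rows, largest gap first."""
    current = roll_up(scores, how)
    rows = [(name, current[name], targets[name], targets[name] - current[name])
            for name in FUNCTIONS.values()]
    return sorted(rows, key=lambda r: r[3], reverse=True)


# Constructed self-assessment: subcategory reference ID -> maturity 0..5.
SAMPLE_SCORES = {
    "ID.AM-1": 2, "ID.AM-2": 1, "ID.RA-1": 2,
    "PR.AC-1": 3, "PR.AT-1": 1, "PR.IP-1": 3,
    "DE.CM-1": 2, "DE.CM-4": 3,
    "RS.RP-1": 1, "RS.CO-1": 1,
    "RC.RP-1": 2,
}
# Constructed target: "Defined" (3) for every function by FY 20-21.
SAMPLE_TARGETS = {name: 3 for name in FUNCTIONS.values()}

if __name__ == "__main__":
    for how in ("min", "mean"):
        print(f"--- roll-up: {how} ---")
        for name, cur, tgt, gap in gap_report(SAMPLE_SCORES, SAMPLE_TARGETS, how):
            print(f"{name:<9} current {cur:.1f} ({maturity_label(cur)})  "
                  f"target {tgt} ({maturity_label(tgt)})  gap {gap:.1f}")
```

Run it as a script to print both roll-ups side by side. With the constructed scores the "mean" view puts Protect at 2.3 (Repeatable) and ranks it a low priority, while the "min" view puts Protect at 1 (Initial) because of PR.AT-1, which is exactly the awareness gap the phishing slide later calls out; pick the roll-up rule deliberately and state it on the chart.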
  • 29. Build Your Security Program Roadmap. Roadmap chart, 2018–2019, by function (Identify, Protect, Detect, Respond, Recover). Major themes: Increase Situational Awareness; Endpoint Protection; Incident Response Plans. Roadmap items: Governance; Risk Assessment; Establish Cyber Risk Council; Network Monitoring; User Education & Awareness; Procure & Deploy Tanium; Update Awareness Policy; Asset Inventory; Identification & Prioritization; Define Incident Response Roles & Responsibilities; Create Incident Response Playbooks; Windows XP Upgrade; Core Enhancements; Multi-Factor Authentication; Communications Plan & Process; Deploy Cofense.
  • 30. TACTICAL PLAN – ASSET INVENTORY. Function strip: Identify, Protect, Detect, Respond, Recover. Work Status: Implementation Stage. Investment Status: Approved.
    Project Description: Procure and implement an asset inventory suite.
    Key Milestones/Tasks (Status): 1. Obtain permanent O&M funding (Complete); 2. Convert existing services to new service (Complete); 3. Declare updated service operational (Complete); 4. Automate reporting and asset management (In-Progress).
    How Will We Measure Success (Key Metric – Target): Hardware and software automatically detected in real-time – 100%; Identification of unauthorized hardware and software – 100%.
    Strategic Objectives Supported: Drive efficiency and cost reduction; Increase security; Reduce client downtime; Improve situational awareness.
    Potential Issues / Implementation Risks: No procurement vehicle in place; Migrating to a new tool; Subscription service model.
    Resource Summary: Team leader / Point of Contact: Rob Samuel; core team members and vendor liaison not listed.
    Cost Estimates (Indicative): Capital Procurement; Implementation; Sustainment (O&M); Sustainment (FTE). Amounts not shown.
  • 31. TACTICAL PLAN – INCIDENT RESPONSE. Function strip: Identify, Protect, Detect, Respond, Recover. Work Status: In Progress. Investment Status: Pending Approval.
    Project Description: Develop and implement security incident response playbooks.
    Key Milestones/Tasks (Date – Status): 1. (no date) – Not Started; 2. 1/28/2016 – Not Started; 3. 2/3/2016 – Not Started; 4. 2/8/2016 – Not Started. Task descriptions not filled in.
    How Will We Measure Success: key metric and target not filled in.
    Strategic Objectives Supported: Decrease time to resolve incidents; Increase efficiencies; Reduce client downtime.
    Potential Issues / Implementation Risks, Resource Summary (team leader / point of contact, core team members, vendor liaison) and Cost Estimates (Capital Procurement; Implementation; Sustainment (O&M); Sustainment (FTE)): not filled in.
  • 32. Map Your Plans and Requests to the Framework. Function strip: Identify, Protect, Detect, Respond, Recover. Increase Workforce Education and Awareness.
    Risk Status: Our employees and staff are largely unaware of cyber threats. Tricking unsuspecting people (social engineering) into opening fake emails or malicious documents/links (phishing attacks) is the most common cause of cybersecurity incidents and data breaches.
    Risk Velocity: We can't block all phishing attacks; approximately X phony emails get past our defences and are delivered to staff email inboxes each month, with X% - X% of staff falling victim.
    Mitigation Plan Overview: Implement an enterprise-wide cybersecurity awareness and education program; Improve the effectiveness of our existing secure email gateways (blocks fake emails); Investigate alternative secure email gateway solutions; Implement modern anti-virus solutions to help protect users from malicious emails; Launch internal phishing campaigns to help users learn and reduce their susceptibility.
    How You Can Help: Set a tone from the top in support of enterprise-wide cybersecurity improvements; Support the implementation of mandatory annual cybersecurity awareness training; Support internal phishing campaigns.
  • 33. Use Lessons Learned from Security Incidents as Roadmap Updates (these are inputs into our cybersecurity roadmap).
    Lesson Learned: Critical systems lack good controls hygiene, leaving them vulnerable to known malware. Remediation Steps: Work with IT to improve security controls hygiene tracking on critical systems and create incentives for better performance.
    Lesson Learned: Incident response is hampered by a lack of pre-defined communication channels. Remediation Steps: Establish an incident response playbook and define roles, responsibilities and communications channels for all stakeholders; perform a series of table top exercises to practice incident response and refine incident response processes with stakeholders.
  • 34. Apply Lessons Learned to Plan Improvements. Same roadmap chart as slide 29 (2018–2019 items by function: Identify, Protect, Detect, Respond, Recover) with items added post-breach: Establish Pre-Defined Communication Channels; Identify Control Owners; Improve Hygiene; Set Hygiene Goals; Measure & Report Improvements; Table Top 1; Table Top 2.
  • 35. Explain How Cyber Incidents at External Companies Relate to Your Organization. Function strip: Identify, Protect, Detect, Respond, Recover.
    Ukraine Attack: State-sponsored attacker gained access into the power company's SCADA using a known piece of malware; effective patching may have prevented the attacker from gaining access to systems. Our Organization: We continue to prioritize system patching as part of our security controls hygiene.
    Ukraine Attack: The attacker flooded call centers to disrupt customer reports of power outages and launched a coordinated DDoS attack on the company website; improved controls would have reduced the impact of these attacks. Our Organization: We are investing in and will upgrade our DDoS protection.
    Ukraine Attack: The attacker deliberately damaged the SCADA system (servers and workstations) to delay the restoration of power; staff switched to 'manual mode' and restored the system. Our Organization: We have the capability to switch to back-up, off-line critical systems in the event of a disruption.
  • 37. Gather Information About Your Environment (Provide Fact-Based Evidence).
    Technical & Administrative Details: Business Units, Departments, Services; Governance, Assets, Processes, Architectures, Capabilities, etc.
    Historical Information Sources: Cyber Insurance; Organizational Risk Assessments; Continuous Improvement Plans; Audits or Independent Assessments.
    Comparison to Industry Best Practices: Center for Internet Security – Top 20 Critical Security Controls; Communications Security Establishment – Top 10 IT Security Actions; Australian Signals Directorate – Essential Eight Cybersecurity Incident Mitigation Strategies; Gartner – IT Key Metrics Data.
  • 38. Perform Self Assessments (Center for Internet Security – Critical Controls). Source: Audit Scripts CSC initial assessment tool v7.
  • 39. CENTER FOR INTERNET SECURITY – CRITICAL SECURITY CONTROLS. Baseline Your Org Against Best Practices (Center for Internet Security – Critical Controls); each control is rated Not Met, Partially Met or Implemented.
    1. Inventory and Control of Hardware Assets; 2. Inventory and Control of Software Assets; 3. Continuous Vulnerability Management; 4. Controlled Use of Administrative Privileges; 5. Secure Configuration for Hardware and Software on Mobiles, Laptops, Workstations and Servers; 6. Maintenance, Monitoring and Analysis of Audit Logs; 7. Email and Web Browser Protections; 8. Malware Defences; 9. Limitation and Control of Network Ports, Protocols and Services; 10. Data Recovery Capabilities; 11. Secure Configuration for Network Devices (Firewalls, Routers, Switches); 12. Boundary Defence; 13. Data Protection; 14. Controlled Access Based on Need to Know; 15. Wireless Access Control; 16. Account Monitoring and Control; 17. Implement a Security Awareness and Training Program; 18. Application Software Security; 19. Incident Response and Management; 20. Penetration Tests and Red Team Exercises.
  • 41. Enterprise Cybersecurity Program Planning.
    Purpose: Mission; Vision; Mandate; Principles; Charter.
    Strategy: Current State / Gaps; Strategic Plan; Priorities; Action Plan; Roadmap.
    Organization: Organizational Structure; Governance; Authorities; Business Processes.
    People: Function, Category, Role; Knowledge & Skills; Strategic Intake Plan; Succession Planning; Talent Management.
    Supports: IT Capabilities; Budget Allocations; HR Allocations; Organizational Priority.
    Results: Outcomes; Business Benefits; KRIs / KPIs; Security Maturity; Annual Report.
  • 42. Guiding Principles.
    1. Understand Your Audience: articulate the business risks.
    2. Keep It Simple: no acronyms; easy-to-understand language; be brief, be bright, be gone.
    3. Do Not Use Fear, Uncertainty and Doubt: provide facts relevant to your industry / organization.
    4. Map Topics Back to the Overall Strategy.

Editor's Notes

  1. Welcome everyone and thanks for coming to the session today. Also thanks to the ISACA volunteers for putting the event together; great to see so many security professionals here. I see many familiar faces in the room, but for those that don't know me...
  2. Quick outline of my experience: proud Cape Bretoner. Most of my experience was as a federal public servant, starting as a communications engineering officer in the Canadian Forces, then out of uniform in a variety of technical and leadership roles. In 2016 I assumed the CISO role for the Province of Nova Scotia. I concurrently serve as the chair of NCSIP, a pan-Canadian group of federal, provincial, territorial and municipal leads for cybersecurity. Also invited to participate in the MS Canadian Security Council (if I only had time!).
  3. In 2016, I moved back to Nova Scotia to assume the CISO role and started to build the cybersecurity program. This represented home for me (back to the foggy mornings!) but also a new work environment. Our scope was government and health environments (60K+ clients), but we had limited understanding of or visibility into the environments, risks and vulnerabilities. A continuous improvement program was in place, but it was highly technical and focused on IT (e.g. "we have x number of unsupported versions of y"). An ISO (checklist) based approach was used, and our maturity didn't match the ISO self-assessment score. This caused a bit of a false sense of security (e.g. policies and standards in place: check. But are policies and standards being followed?).
  4. What we needed to do was paint a clear picture of risks: identify where we were from a current-state perspective; understand our risks, gaps and potential impacts; communicate these to various stakeholders across government and health; create a strategy and action plan to reduce our risks (and gain support to pursue these improvements); and report back on progress. Sounds easy, right?
  5. What we see and say is often much different from what our audience understands. What does the sign say? To us it's clear; to others: awesome waves? Great surfing here? Our job as security professionals (or as board members or other employees) is to ensure we're all on the same page (and to remove complexity). The outcomes of poor communication? The audience or stakeholders won't understand what the problem is (what their risks are), you won't gain the support and traction needed to improve security, and you could ultimately suffer from more incidents and breaches.
  6. There are some days that this feels like the norm! But it doesn't convey confidence.
  7. Another common tactic is to use the latest news headlines. Everyone sees these types of headlines every day, from all industries and sectors. We need to convey information as it relates to us, not "if it can happen to them it can happen to us".
  8. This is an example from RSA. It's only one, and I'm just as guilty as anyone of talking about IPS, IDS, IOCs, AV, botnets, PAM and SPAM.
  9. The good old "pew pew" map of recorded attacks. We've admired the problem long enough.
  10. You need to make it very clear that cybersecurity is a business risk, and risk is a business decision. You need to provide actual examples for your industry, sector and potential outcomes.
  11. Another key message to give your stakeholders, regardless of the model you choose: organizations need a way to measure their cybersecurity maturity. Organizations that are not mature (for example, technology-focused) are reactive to security issues. There is a direct relationship between maturity and risk, in that higher maturity leads to lower risk.
  12. The NIST Cybersecurity Framework is voluntary, so there is no "right" or "wrong" way to do it. It's meant to be adaptable and adjustable; how I use it could be different than your usage. It's color blind friendly! It is based on best practices for organizations to better manage and reduce cybersecurity risk, and it was designed to enable communications amongst both internal and external organizational stakeholders. I'm not covering it all; it's freely available online. I want to show you how I use it and what's worked for me.
  13. The core functions are concurrent and continuous. They help you understand and answer these questions.
  14. Each core function is broken down into categories.
  15. Each category has a reference ID.
  16. This doesn't need to be a self-assessment; you could have an external entity perform an assessment on your behalf.
  17. Note: our assessment model hasn't been updated to NIST CSF v1.1.
  18. Maturity levels: 0 – No control of any kind. 1 – Initial: control is not a priority; unstable environment leads to dependency on heroics. 2 – Repeatable: process established and repeating; reliance on people continues; controls documentation lacking. 3 – Defined: policies, process and standards defined and institutionalized. 4 – Managed: risks managed quantitatively, enterprise-wide. 5 – Optimized: continuously improving controls enterprise-wide.
  19. Same maturity-level definitions as note 18.
  20. See how the tactical plan always relates back to the core function? Easy for your audience to follow, regardless of topic.
  21. Here's an example of an approach I've used to explain employee awareness and email security activities.
  22. Showing your stakeholders how you've updated your plan based on lessons learned.
  23. Don't say it "could happen to us". Show your organization the true delta between what happened and your org. You should also show weaknesses in the organization, and again show how you plan on addressing these in the roadmap.
  24. Audit Scripts – CSC initial assessment tool v7.