InfraGard Webinar March 2016 033016 A

RSA Conference 2016 Seven Key Takeaways You Can Use Today

Transcript of InfraGard Webinar March 2016 033016 A

Page 1

RSA Conference 2016 Seven Key Takeaways You Can Use Today

Page 2

INFRAGARD

InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

Disclaimer

The views, opinions, and content of this webinar are solely those of the speakers and other contributors. These views and opinions do not necessarily represent those of InfraGard or InfraGard Atlanta Members Alliance (IAMA).

The views expressed here are commentary on themes emerging from the RSA Conference 2016 and are not in any way affiliated or connected with the official event.

Page 3

JOSEPH DYER JR.

Joseph Dyer is Chief Information Security Officer with ICF International. ICF International provides professional services, technology solutions, and policy consulting that deliver beneficial impact in areas critical to energy, environment, infrastructure, health, social programs, public safety and defense. ICF has more than 5,000 employees that service government and commercial clients from more than 70 offices worldwide. Mr. Dyer manages ICF International’s corporate global cyber security program. Mr. Dyer has over 30 years of information technology experience with over 15 years of information security involvement.

Mr. Dyer holds a BS degree in Information Systems and maintains several industry certifications including Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (C|CISO), Global Information Assurance Certification (GIAC), Computer Hacking Forensic Investigator (CHFI), and Certified Computer Forensic Examiner (CCFE).

Connect: LinkedIn josephdyer

Page 4

WARD PYLES

Connect: LinkedIn wardpyles

Ward Pyles is the Manager of Security Risk and Governance with The Home Depot, the world’s largest home improvement specialty retailer with more than 2,200 North American stores and 350,000 employees. With a Master of Law and more than 15 years of experience in Information Security, Ward’s extensive background in technology, regulatory compliance, and risk management assists The Home Depot in security practices and infrastructure protection.

During Mr. Pyles' career he has advised Congressional staff and DHS on critical infrastructure security practices and participated as an author of the first Smart Grid security standards, the nationally leveraged NIST Cyber Security Framework, and maturity models from DOE. His global experience advising electric organizations on critical infrastructure security threats was leveraged in the development of the industry's first in-house proactive ISO 27001 assessment processes.

Page 5

TREVOR HORWITZ

Trevor Horwitz is the founder and CISO of TrustNet, a leading specialized provider of IT Security and Compliance services. Trevor has designed, developed, and assessed security and compliance solutions for corporations of all sizes and across multiple industries for over twenty years. Trevor is a PCI Qualified Security Assessor and contributing member of the PCI Security Council’s special interest group on virtualization and cloud security.

His career experience includes roles as the CEO of a pioneering network security company and a senior consultant at PwC. He is the President of InfraGard Atlanta, a past Executive Board member of ISACA Atlanta, and has been active in the Technology Association of Georgia for over fifteen years. Trevor holds a Bachelor of Commerce from the University of the Witwatersrand, Johannesburg, South Africa, with a triple major in Accounting, Information Systems, and Business Law.

Connect: LinkedIn trevorhorwitz

Page 6

SUPPORT OUR SPONSORS

TrustNet helps businesses build trusted relationships with their customers, partners, and employees by providing CyberSecurity and Compliance services and solutions

Managed Security Services
Compliance – PCI QSA, SOC, HIPAA, FISMA, ISO, SOX
Security Consulting – Penetration Testing
Awareness Training

www.TrustNetInc.com

The Cyber Security Summit, an exclusive C-Suite conference series, connects senior level executives responsible for protecting their companies' critical infrastructures with innovative solution providers and renowned information security experts.

www.CyberSummitUSA.com

Page 7

AGENDA

1. Ransomware on the Rise
2. Back to Basics – we're still playing defense
3. The Target is Expanding
4. The New Face of Threat Modelling
5. Breached – Now what?
6. Extending Your Security Team
7. Threat Detection – It's still a thing

Page 8

FAQs

1. Yes, the presentation will be available after the webinar ends. We will email you a link to the recording in the next day or so.

2. If you have a question, send it to us in the chat window on the left side of your screen!

Page 9

RANSOMWARE ON THE RISE

The earliest known ransomware was devised by Joseph Popp. Popp wrote the "AIDS" Trojan (aka PC Cyborg) in 1989.

Page 10

RANSOMWARE ON THE RISE

Backup, backup, backup

Maintain vigilance with anti-spam and anti-malware s/w

Train users to be suspicious of email:
- Check sender addresses
- Check content of messages
- Avoid clicking links in email

Keep all software patched and up-to-date

Practice your incident response plan with a ransomware scenario

Set up a bitcoin account, just in case

Page 11

BACK TO BASICS – we're still playing defense, but not very well

Page 12

BACK TO BASICS – we're still playing defense, but not very well

Authentication

Multi-factor is an emerging standard, even for local network access

Firewalls, routers, IDS/IPS

Endpoints - anti-malware, secure browsers, file integrity monitoring

Software updates and patching

Yes, we know it’s tedious and you hate it

Encryption

Data at rest and in motion, even on the corporate network

Monitoring - log management, threat management, vulnerability management

Don’t have the capabilities and resources? Consider Managed Security Services

Page 13

THE TARGET IS EXPANDING – DATA IS TOXIC

Data breaches average $154 per record, while the average cost per data breach has reached $3.79MM

Page 14

THE TARGET IS EXPANDING – DATA IS TOXIC

Cloud and Big Data - a marriage made in heaven is heading for a break-up

Focusing on data ex-filtration and DLP is not enough

Many organizations have no idea where all their data resides

Risk of storing some types of data may exceed its value to the organization

Some data types have diminishing returns

Tokenization highly recommended

Treating data as toxic will change the security posture

Page 15

THE NEW FACE OF THREAT MODELLING

Threat Modeling Approaches

Software-centric

Asset-centric

Attacker-centric

Page 16

THE NEW FACE OF THREAT MODELLING – Process

Decompose the application/network/system

Identification and classification, external dependencies, entry points, assets, trust levels

Identify and rank threats

STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege)

DREAD risk ranking (damage potential, reproducibility, exploitability, affected users, discoverability)

Develop countermeasures and mitigation

OWASP Application Threat Modeling

https://www.owasp.org/index.php/Application_Threat_Modeling
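The three process steps above, worked through in code as an added example (not material from the webinar or from OWASP): a constructed customer-portal model is decomposed into elements with trust levels, STRIDE threats are recorded against those elements, each threat is ranked by a DREAD score, and the STRIDE categories not yet considered for each element are listed as the remaining review work. The element names, ratings and mitigations are invented for illustration.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}
# DREAD factors in this order; each rated 1 (low) to 3 (high), score = their mean.
DREAD = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")

@dataclass(frozen=True)
class Element:            # output of the decomposition step
    name: str
    kind: str             # "entry point", "asset" or "process"
    trust_level: str      # "anonymous", "user" or "admin"

@dataclass(frozen=True)
class Threat:             # one STRIDE finding against one element
    element: str
    category: str         # single STRIDE letter
    description: str
    dread: tuple          # ratings in DREAD order
    mitigation: str

def dread_score(ratings) -> float:
    """Mean of the five DREAD ratings; rejects a wrong count or out-of-range value."""
    if len(ratings) != len(DREAD) or any(r not in (1, 2, 3) for r in ratings):
        raise ValueError("need five DREAD ratings, each 1, 2 or 3")
    return round(sum(ratings) / len(DREAD), 2)

def rank_threats(threats):
    """Highest DREAD score first, ties broken by element name for stable output."""
    return sorted(threats, key=lambda t: (-dread_score(t.dread), t.element))

def stride_gaps(elements, threats):
    """Per element, the STRIDE categories with no recorded threat: the review to-do list."""
    covered = {(t.element, t.category) for t in threats}
    return {e.name: [c for c in STRIDE if (e.name, c) not in covered] for e in elements}

# Constructed model of a small customer portal (sample input, not a real system).
ELEMENTS = [Element("login form", "entry point", "anonymous"),
            Element("customer records", "asset", "user"),
            Element("admin console", "process", "admin")]
THREATS = [
    Threat("login form", "S", "password-only login lets a stolen password impersonate a user",
           (3, 3, 2, 2, 3), "multi-factor authentication"),
    Threat("customer records", "I", "records stored in clear, so one database read exposes every customer",
           (3, 2, 2, 3, 2), "encrypt at rest, tokenize card data, retain less"),
    Threat("admin console", "R", "admin changes are not logged, so actions cannot be attributed",
           (2, 3, 1, 1, 1), "central log management with file integrity monitoring"),
]
```

`rank_threats(THREATS)` returns the three findings ordered for the countermeasures step, and `stride_gaps(ELEMENTS, THREATS)` shows that five of six STRIDE categories are still unexamined for every element.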

Page 17

ATLANTA CYBER SECURITY SUMMIT

Wednesday, April 6, 2016, 9:00 AM to 6:00 PM

The Ritz-Carlton Buckhead

The Cyber Security Summit, an exclusive C-Suite conference series, connects senior level executives responsible for protecting their companies' critical infrastructures with innovative solution providers and renowned information security experts.

“Special Offer for InfraGard Members”

http://cybersummitusa.com/atlanta-2016/

Page 18

BREACHED – NOW WHAT?

Page 19

BREACHED – NOW WHAT?

Build security resilience and elasticity into architecture

Automation – incident detection and response

Interoperability – distributed detection across the network

Authentication – trusted communication and collaboration

Resilience cycles

Pre-disruption – scan and eliminate vulnerabilities

During disruption – rapid automated response

Post-disruption – reshape the environment anew

Technical tools to achieve this are not mature

Software-Defined Networking may be the catalyst

Page 20

OUR PANELISTS

Trevor Horwitz – LinkedIn trevorhorwitz
Joseph Dyer Jr. – LinkedIn josephdyer
Ward Pyles – LinkedIn wardpyles

Page 21

EXTENDING YOUR SECURITY TEAM

Malicious cyber attacks cost US $300B to US $1 trillion a year

Demand for information security professionals is expected to grow by 53% by 2018

Page 22

EXTENDING YOUR SECURITY TEAM

Shortage of resources can't be fixed in the short term

Coopting resources – the “extended security team”

Leveraging non-security team personnel as security champions/advocates

Build security into organizational culture

Educate employees – #WeAreAllSecurity

Reward positive behavior

Outsourcing

Managed Security Services

Co-Managed Security

Page 23

THREAT DETECTION – IT’S STILL A THING

Page 24

THREAT DETECTION – IT'S STILL A THING

Three pillars of threat detection

Visibility

Real time collection

Identity

Accurate identification

Automate analysis

Risk

Escalate response based on risk

Get serious about vulnerability scanning

More frequent penetration testing


Page 26

THE RECAP

1. Prepare for a ransomware attack
2. Revisit your defensive strategy
3. Re-evaluate what data you retain
4. Improve your threat modelling
5. Develop a resilience strategy
6. Extend your security team
7. Assess your threat detection capabilities

Page 27

www.TrustNetInc.com

Twitter: @TrustNetInc
LinkedIn: #TrustNetInc

www.CyberSummitUSA.com