Transcript of: Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome (slide deck)
SESSION ID: STR-R01
Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome
David Etue, VP Corporate Development Strategy, SafeNet, Inc., @djetue
Joshua Corman, Chief Technology Officer, Sonatype, @joshcorman
Context
A story of a CISO…
This presentation tells the story of a CISO.
THIS CISO is fictional…
…but all the stories are REAL examples from real security programs
Depressed? You are not alone…
Forces of Constant Change
BUSINESS COMPLEXITY = RISING COSTS
Evolving Threats
Evolving Technologies
Evolving Compliance
Evolving Economics
Evolving Business Needs
Consequences: Value & Replaceability
http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/
Replaceability continuum, from IRREPLACEABLE to HIGHLY REPLACEABLE
Assets placed along it: Human Life, Intellectual Property, PHI, CCNs
Feel Like Surrendering?
A Modern Pantheon of Adversary Classes
WHO (Actor Classes): Nation States, Competitors, Organized Crime, Script Kiddies, Terrorists, “Hacktivists”, Insiders, Auditors
WHY (Motivations): Financial, Industrial, Military, Ideological, Political, Prestige
WHAT (Target Assets): Credit Card #s, Web Properties, Intellectual Property, PII/Identity, Cyber Infrastructure, Core Business Processes
HOW (Methods): “MetaSploit”, DoS, Phishing, Rootkit, SQLi, Auth, Exfiltration, Malware, Physical
NOTE: More Complete Version @ http://slidesha.re/1fgu6rb
Profiling a Particular Actor: the same WHO / WHY / WHAT / HOW matrix as on the preceding slide, now used to profile one actor at a time.
Script Kiddies (aka Casual Adversary)
Who: Script Kiddie (“Skiddie”)
How: “MetaSploit”, SQLi, Phishing
What: CCN/Fungible
Why: Profit, Prestige
Strength: 5
Organized Crime
Who: Organized Crime
How: Malware, Botnets, Rootkits
What: Fungible, Banking
Why: Profit
Strength: 50
Nation States (Adaptive Persistent Adversaries)
Who: Nation States
How: Custom Malware, SpearPhishing, Physical, Stealth
What: Intellectual Property, Trade Secrets, Infrastructure
Why: Military, Industrial, Economic
Strength: 50
Hacktivists / Chaotic Actors
Who: Chaotic Actors
How: DoS, SQLi, Phishing, Pranks
What: Web Properties, Individuals, Gov’t Policy
Why: Ideological and/or LULZ
Strength: 10
Auditors/Assessors/QSA
Who: Auditors
How: Checklist
What: ONLY “In Scope”, e.g. CCN (Credit Card #s)
Why: Profit, Compliance
Strength: 1
Attacker Power: HD Moore’s Law
Moore’s Law: Compute power doubles every 18 months
HD Moore’s Law: Casual Attacker Strength grows at the rate of MetaSploit
Do not go gentle into that not so good night...
The Pyramid, built up one layer per slide:
Defensible Infrastructure
Operational Excellence
Situational Awareness
Counter-measures
Sphere of Control
Sphere of Influence vs. Control
“Rage, rage against the dying of the light”
Control “Swim Lanes”
Asset lanes: PHI, “IP”, Web, PCI
Controls: AV, FW, IDS/IPS, WAF, Log Mngt, File Integrity, Disk Encryption, Vulnerability Assessment, Multi-Factor Auth, Anti-SPAM, VPN, Web Filtering, DLP, Anomaly Detection, Network Forensics, Advanced Malware, NG Firewall, DB Security, Patch Management, SIEM, Anti-DDoS, Anti-Fraud, …
Desired Outcomes / Leverage Points: Compliance (1..n), “ROI”, Breach / QB sneak, Productivity, …
Control & Influence “Swim Lanes”
Asset lanes: PHI, “IP”, Web, PCI
Controls: AV, FW, IDS/IPS, WAF, Log Mngt, File Integrity, Disk Encryption, Vulnerability Assessment, Multi-Factor Auth, Anti-SPAM, VPN, Web Filtering, DLP, Anomaly Detection, Network Forensics, Advanced Malware, NG Firewall, DB Security, Patch Management, SIEM, Anti-DDoS, Anti-Fraud, …
Desired Outcomes / Leverage Points: Compliance (1..n), “ROI”, Breach / QB sneak, Procurement Disruption, DevOps, Productivity, “Honest Risk”, General Counsel
Control, Influence and Under-tapped Researcher Influence “Swim Lanes”
Asset lanes: PHI, “IP”, Web, PCI
Controls: AV, FW, IDS/IPS, WAF, Log Mngt, File Integrity, Disk Encryption, Vulnerability Assessment, Multi-Factor Auth, Anti-SPAM, VPN, Web Filtering, DLP, Anomaly Detection, Network Forensics, Advanced Malware, NG Firewall, DB Security, Patch Management, SIEM, Anti-DDoS, Anti-Fraud, …
Under-tapped Researcher Influence: Litigation, Legislation, Open Source, Hearts & Minds, Academia
Desired Outcomes / Leverage Points: Compliance (1..n), “ROI”, Breach / QB sneak, Procurement Disruption, DevOps, Productivity, “Honest Risk”, General Counsel
It’s Easier with Teammates: Alone? Team?
Surprising Teammates
Executives: CIO, CFO, General Counsel, CTO, R&D, Operations, Sales, Business Owner
Supporting Cast: DevOps, Procurement, Compliance, Internal Audit, Risk Mgmt, Crisis Mgmt, Open Source, Academia, Gov’t Affairs
DEFENDER: General Counsel
Who: General Counsel
How: Policy, LDoS, Contracts, Attorney-Client Privilege
What: Intellectual Property, Trade Secrets, Sensitive
Why: Due Care, Defensible Risks
Strength: 25
DEFENDER: Procurement / Supply Chain
Who: Procurement
How: RFPs, T&Cs, SLAs, “Gating”
What: All Things Procured: SaaS, COTS, Services
Why: Cost Reduction, Employer Interests
Strength: 20
DEFENDER: Chief Information Officer
Who: CIO
How: GRC, Standards, Policy, Change Mngt, Process
What: All Infrastructure
Why: Stability, Order, Support Business
Strength: 20
DEFENDER: Chief Technology Officer
Who: CTO
How: SDLC, Standards, Code/Tech Selection, Research
What: IP, Trade Secrets, Code, Platforms
Why: Innovation, Differentiation, Adoption
Strength: 20
DEFENDER: Chief Financial Officer
Who: CFO
How: Audit, Process, “Purse Strings”
What: Financials, Accounting Integrity, “Material”
Why: Responsible & Lawful Fiduciary for stakeholders
Strength: 05
DEFENDER: Senior Vice President, Sales
Who: SVP Sales
How: Customer Compliance, $DEALS, Roadmaps
What: Customer Data, “Goods”
Why: Retire Quota, Drive Revenue
Strength: 15
DEFENDER: Internal Audit
Who: Internal Audit
How: CheckLists, Interviews, Policies
What: Scoped Data & Environments
Why: Strict Compliance
Strength: 05
DEFENDER: DevOps
Who: DevOps
How: Automate, Orchestrate, ChaosMonkey, Teamwork
What: Code, Deploys, Environments
Why: Faster Faster, Velocity, Efficiency
Strength: 50
The Pyramid (recap): Defensible Infrastructure, Operational Excellence, Situational Awareness, Counter-measures
Battle: PCI Compliance
VS
Battle: Intellectual Property
50 VS
Battle: Intellectual Property Round 2
50 VS
Battle: Web Properties
+20 VS
Case Study: Gaining Situational Awareness
CISO: “There is a difference between reacting and hunting. If you’re reacting, you’re done. We knew we had to go hunting, and that meant we had to do things differently.”
Teammates:
Business Owner: Understood adversary
Operations: Deploy BigFix for Power Management (GREEN!) AND security
Compliance: Repurposed SIEM and other compliance tools
CIO: Driven by Productivity
Result: One of the most advanced automated attack identification and classification systems developed at the time
Case Study: Using Customers To Your Advantage
Large Financial CISO: “Only getting investment in InfoSec where required by ‘compliance’”
Teammates:
VP of Sales: Worked with the CISO to include customer contractual obligations in scope of compliance
General Counsel: Determined committed customer contractual obligations, measured risk
Audit: Added customer contractual obligations to scope of audit
Result: Significant increase in information security investment, demanded by Sales
Case Study: “DevOps” Chaotic Good
F100 Insurance “Chaos Monkey”: “We spend ZERO on securing anything but mandatory PCI controls & scope; therefore I must infect the org w/ Card Data.”
Teammates:
LOB CTO: WAFaaS can accelerate your PCI 6.6 & Time To Market
General Counsel: We must take reasonable steps to keep our secrets secret
CIO: If we fund a Visible Ops program, we’ll run more efficiently & be compliant
Result: More sane/balanced security posture, more agile/efficient IT
Case Study: Changing Report Structure
CISO: “Reporting into CIO ignored Data Security and 3rd Party Risk”
Teammates:
General Counsel: Heavier focus on Data Classification/Security
Procurement: More stringent 3rd Party Service Provider Security, Ts & Cs
Result: Greater Board Level Visibility & Access to Drive Table Top Exercises
Case Study: Adversary Driven!
Large Scale European Financial Services CISO: “Despite a large scale information security investment, we were still losing”
Teammates:
Business Owners: Determine likely adversaries: organized crime for financial fraud
Risk: Determine potential financial losses due to various fraudulent attacks
Application Development: Shared investment with information security to tie broad information security controls to application-specific security and fraud prevention
Result: Significantly more effective information security program, resulting in lower fraud without a significant increase in investment
CISO: The New “Nick Fury”
YOU: Assemble Your Team of Heroes
Apply: Who Is Your Team?
Identify at least one opportunity to leverage a new swim lane
Identify at least one new teammate to recruit and make a hero
Identify one opportunity this year to influence each layer of the pyramid
Everyone Has The Chance To Be the Hero In Their Own Story!
Thank You & Additional Resources
Adversary ROI: [SlideShare] [RSA US 2012 Online on YouTube]
Supply Chain Security: Policy and Program Development [Free Research from IANS]
Rugged Software – Are you Rugged? [Website]
Do not go gentle into that good night by Dylan Thomas
David Etue @djetue
Joshua Corman @joshcorman
Back-Up Will Delete by Final
Internal Audit (Strength: 05)
How: CheckLists, Interviews, Policies
What: Scoped Data & Environments
Why: Strict Compliance
DevOps (Strength: 50)
How: Automation, Orchestration, Teams
What: Code, Deploys, Environments
Why: Faster Faster, Velocity, Efficiency
Risk Management (Strength: ??)
How: Risk Models, Metrics, “TableTops”
What: Risk Identified & Prioritized Assets
Why: Support Business Intent
CTO (Strength: 20)
How: SDLC, Research, Tech Selection
What: IP, Trade Secrets, Code, Platforms
Why: Innovation, Adoption
CFO (Strength: 05)
How: Audit, Process, “Purse Strings”
What: Financials Integrity, “Material”
Why: Responsible & Lawful Fiduciary
SVP Sales (Strength: 15)
How: Customer Compliance & $DEALS
What: Customer Data, “Goods”
Why: Retire Quota, Drive Revenue
Procurement (Strength: 20)
How: RFPs, T&Cs, SLAs, “Gating”
What: All Things Procured: COTS, Services
Why: Cost Reduction, Employer Interests
CIO (Strength: 20)
How: GRC, Policy, Change Mngt
What: All Infrastructure
Why: Stability, Order, Support Business
General Counsel (Strength: 20)
How: Policy, Contracts, Attorney-Client Privilege
What: IP, Trade Secrets, Sensitive
Why: Due Care, Defensible Risks
Nation State / Espionage (Strength: 50)
How: Custom Malware, Stealth, *.*
What: IP, Trade Secrets, Infrastructure
Why: Military, Industrial, Economic
Script Kiddie, “Skiddie” (Strength: 05)
How: “MetaSploit”, SQLi, Phishing
What: CCN/Fungible
Why: Profit, Prestige
Organized Crime (Strength: 50)
How: Malware, Botnets, Rootkits
What: Fungible, Banking
Why: Profit
Auditor (Strength: 01)
How: Checklist
What: ONLY “In Scope” (Credit Card #s)
Why: Profit, Compliance