The Fog of More · DLP threat feed certification best practice assessment governance. Healthcare...
The Fog of More
The Challenge of Simplifying Security
Page 2
Classic Risk Equation
Risk = f{ Vulnerability, Threat, Consequence }_controls
Page 3
Seismic Shifts
• Communications Security → “Cyber”
• Mathematics → CS, Networking, Ops, Analytics
• Technology → Information, Operations
• Government monopoly → user/market driven
• National Security → economic/social Risk
Page 4
A few cybersecurity lessons
• Cybersecurity is like “Groundhog Day”, not “Independence Day”
• Knowing about flaws doesn’t get them fixed
• Cyber Defense == Information Management
– not Information Sharing, not technology
– the most important verb is translate
• The Bad Guy doesn’t perform magic
• There’s a large but limited number of defensive choices
– prioritization is ALWAYS required
– and the 80/20 rule applies (The Pareto Principle)
Page 5
“The Fog of More”
standards
SDL
supply-chain security
security bulletins
user awareness training
browser isolation
two-factor authentication
encryption
incident response
security controls
threat intelligence
whitelisting
need-to-know
SIEM
virtualization
sandbox
compliance
maturity model
anti-malware
penetration testing
audit logs
baseline configuration
risk management framework
continuous monitoring
DLP
threat feed
certification
assessment
best practice
governance
Page 6
Healthcare Common Security Framework
NIST 800-53
NIST Cybersecurity Framework
ISO 27001/27002
COBIT
DHS CDM Program
NERC CIP
NISP DoD 5220.22-M
PCI DSS
ISF Standard of Good Practice
Bank of England CBEST
NATO CCD Cybersecurity Framework
ENISA Security Framework for Government Clouds
FISMA
Page 7
The Defender’s Dilemma
1. What’s the right thing to do, and how much do I need to do?
2. How do I actually do it?
3. And how can I demonstrate to others that I have done the right thing?
Page 8
From Best Practice → Common Practice
• How do we know what is “best”?
– Based on data? Solution to the worst problem? Trusted source?
• What is a “practice”?
– How specific? How do I actually do it? What do I need to do this?
• What are the barriers?
– Knowledge? Cost? Tools? Training? Enforcement? Misalignment?
• It takes more than a list of practices
– Marketplace, tools, training; community-building; sharing of ideas; alignment of practices with oversight, auditing, compliance.
Page 9
NSA/DoD Project (2008)
The SANS Institute (2009)
“The SANS Top 20 Critical Controls”
Council on CyberSecurity (2013; non-profit)
“The Critical Security Controls”
Center for Internet Security (2015)
“The CIS Critical Security Controls”
Center for Strategic and International Studies (2008)
“The Consensus Audit Guidelines”
Page 10
CIS Critical Security Controls (Version 6)
Page 11
Recent References to the CIS Controls
• California Attorney General’s 2016 Data Breach Report
• The NIST Cybersecurity Framework
• Symantec 2016 Internet Security Threat Report (and Verizon DBIR, HP, Palo Alto, Solutionary…)
• National Governors Association
• National Consortium for Advanced Policing
• Multiple Supply Chain activities
• Conference of State Bank Supervisors
• Zurich Insurance
• UK Critical Protection for National Infrastructure
• NHTSA
Page 12
Companions, Working Aids
• Measurement
• Mobile Security
• Privacy
• Internet of Things/ICS
• Small/Medium Enterprises
• The Community Attack Model
• A C-Suite View
• The Community Risk Assessment Process
• Mappings, Use Cases, Translations, tool directories
Page 13
An Attack Model is about Action
• What do attackers do, and when?
• Where are the opportunities to see, stop, etc.?
• What things should I put in place, and where, to help me the most effectively?
Page 14
CIS Community Attack Model
Page 15
Making Best Practice Common Practice
The Center for Internet Security
Page 16
Contact
• Website: www.cisecurity.org
• Email: [email protected]
• Twitter: @CISecurity
• Facebook: Center for Internet Security
• LinkedIn:
– The Center for Internet Security
– 20 Critical Security Controls
Page 17
Tony Sager, The Center for Internet Security
@CISecurity