Addressing Cyber Security
Presented by: Femi Ashaye
Agenda
• What is Cyber Security?
• Cyber Security Cases
• Cyber Security Strategy
• A Risk Based Approach
• Managing Cyber Attacks.. CHECK and ACT
• The Bigger Picture!!
What is Cyber Security??
• Protection of ICT systems, networks and data in Cyber Space (i.e. any communications environment, particularly the Internet).
• Protection through prevention, detection and response to attacks from a wide range of Cyber Threats such as Cyber Crime, Cyber Terror, Cyber Espionage, Cyber War etc..
• These threats impact Governments, Financial Organisations, Critical National Infrastructures, Individuals etc.. at significantly different levels of technical sophistication.
• They exploit varied Cyber Space offerings (e.g. Cloud, Mobile, Social Networking, Shopping, Online Games etc..) not previously dealt with in the traditional Information Security world.
Cyber Security Cases
• Student, After Delay, Is Charged In Crippling of Computer Network: "After more than eight months, the Justice Department said yesterday that a Federal grand jury in Syracuse had indicted the 24-year-old Cornell University graduate student who has been blamed for crippling a nationwide computer network with a rogue software program... The student, Robert Tappan Morris, was charged with a single felony count under a 1986 computer crimes law, the Computer Fraud and Abuse Act ..." The New York Times (27 July 1989)
• Youth Sentenced in Government Hacking Case: "A 16-year-old from Miami who repeatedly penetrated computer systems of the Defense Department and the space agency has been sentenced to six months in juvenile detention. The Justice Department said he is the first juvenile hacker to be sentenced to serve time..." The New York Times (23 Sept 2000)
Cyber Security Cases (cont’d..)
• Downloaded music by Jay-Z ... all I got was snooped, dog: "Fans of rapper Jay-Z who thought they'd grabbed hold of an app granting them access to an early release of his new album Magna Carta Holy Grail have found themselves on the receiving end of an anti-PRISM Android Trojan designed to slurp all their data..." The Register (05 July 2013)
Cyber Security Strategy
• United Kingdom - Cyber Security Strategy
  - Improving knowledge, capabilities and decision-making
  - Reducing risk from the UK’s use of cyber space
  - Exploiting opportunities in cyber space
• United States - Comprehensive National Cyber Security Initiative
  - Establish a front line of defence against today’s immediate threats
  - Defend against the full spectrum of threats
  - Strengthen the future cyber space environment
• Similar goals - understand Cyber Space offerings to exploit the opportunities it delivers and address its risks.
• However, Governments are breaking their own privacy laws on wire snooping to understand and combat Cyber Threats!!!
A Risk Based Approach
• A risk based approach needs to be applied, with emphasis on the likelihood of the most dangerous attacks on the assets with most impact to the organisation.
• Objective feedback from existing controls is used to assess exposure to, and deal instantly with, Cyber Threats.
• Interrelated international standards already exist to support this approach:
  - ISO27001 (Design and develop Information Security Controls, Processes and Awareness)
  - ISO27005 (Manage Information Security Risks)
  - ISO27035 (Manage Information Security Incidents)
• ISO27001 and ISO27005 use the Deming Cycle for development, maintenance and improvement of Information Security:
  Plan->Do->Check->Act->Plan->Do->Check->Act->Plan->....
• For Cyber Security the Deming Cycle becomes more linear, concentrating on the maintenance and improvement exercises to deal with growing Cyber Threats at a faster pace:
  Plan->Do->Check->Act->Check->Act->Check->Act->Check->....
A Risk Based Approach.. (continue)
• The ISO standards cover the following processes and activities to aid Cyber Security:
  - Understanding of actual business context information and security related context information (PLAN)
  - Risk Assessments conducted to understand likelihood of threats and vulnerabilities and impact to the organisation (PLAN and CHECK)
  - Awareness for the need, and responsibility, for security by all parties (DO)
  - Security design and implementation of controls commensurate to assessed risk (PLAN and DO)
  - Prevent, detect and respond to security incidents, including review of the existing state of security (CHECK and ACT)
  - Measurement of control effectiveness and maturity of overall security to enable when, where and how to improve the overall security posture (CHECK and ACT)
A Risk Based Approach.. (continue)

Risk matrix (rows: Likelihood = Threats x Vulnerabilities; columns: Impact on Assets; both axes are fed by Risk Related Information):

Likelihood \ Impact | LOW              | MEDIUM            | HIGH
HIGH                | Acceptable Risk  | Significant Risk  | Critical Risk
MEDIUM              | Acceptable Risk  | Significant Risk  | Significant Risk
LOW                 | Negligible Risk  | Acceptable Risk   | Acceptable Risk

Rating key:
- Negligible Risk = No Action Required
- Acceptable Risk = Monitor To Ensure stability
- Significant Risk = Appropriate Actions Required
- Critical Risk = Immediate Actions Required
Managing Cyber Attacks.. CHECK and ACT
• Identify Cyber Space assets, threats, vulnerabilities and appropriate controls (i.e. risk related information) to address:
  - IF we are to be attacked, what should we have in place to PREVENT an attack?
  - WHEN we are attacked, what should we have in place, and how, to DETECT the attack? And can we RESPOND to it and PREVENT it from happening again?
• To address the WHEN situation, Preventative and Detective controls need to be implemented to discover, and protect important assets from, attacks. These controls are prime sources for providing risk related information as events in real time.
• Event monitoring provides recording of risk related information such as:
  - Malicious traffic to specific systems
  - Suspicious activity across domain boundaries
  - User session activity.. and more...
Managing Cyber Attacks.. (..continue)

[Diagram: Threat, Vulnerability and Asset linked through Preventative and Detective Controls to a SIEM & Logger. The slide's labels are reproduced below; its arrows survive only as their captions.]
- Threat (caption "Mounts attack on..") and Vulnerability (caption "Can be exploited on..").
- Asset: Application; DB and OS etc.. information; Asset Inventory and compliance Information.
- Vulnerability: Un-patched OS/Application (found by the Vulnerability Scanner).
- Preventative and Detective Controls: Firewall, IDS/IPS, Identity and Access Manager, DLP, AV Gateway, Vulnerability Scanner (captions "Mitigates or stop attack against...", "Discovers attack against..", "Discovers and protects against").
- Events raised by the controls: Suspicious Login or Access Event, Malicious Port Scanning Event, Malware Event, Data Theft Event, Denial of Service Event, Suspicious Network Access Event.
- SIEM & Logger:
  - Threat Correlation/Aggregation
  - Vulnerability Correlation/Aggregation
  - Asset Correlation/Aggregation
  - Event Logging and Reporting
  producing Risk Information and an ALARM for Security Incidents.
Managing Cyber Attacks.. (..continue)
• SIEM (Security Information and Event Management) requires an understanding of business and security related context information to enable:
  - Correlation and aggregation of event data (i.e. risk related information) for risk assessment
  - Capability to generate alarms against security incidents
• Not all tools can help in instantaneously managing, preventing or detecting all threats and attacks. Computer Forensics provides a methodology to address:
  - Unknown threats and attacks not picked up as part of security monitoring
  - How, where and when such threats were realised
• Real time assessment of threats and vulnerabilities provides an understanding of the effectiveness of controls and the risks to assets.
• Measurement of control effectiveness can be obtained through a combination of the output of incidents, events and information acquired through forensics investigation.
Managing Cyber Attacks.. (..continue)

Event matrix (rows: Likelihood = Threats x Vulnerabilities; columns: Impact on Assets; both axes are fed by Correlated/Aggregated Events):

Likelihood \ Impact | LOW               | MEDIUM             | HIGH
HIGH                | Acceptable Event  | Significant Event  | Critical Event
MEDIUM              | Acceptable Event  | Significant Event  | Significant Event
LOW                 | Negligible Event  | Acceptable Event   | Acceptable Event

Rating key, with the slide's examples and the cell each example sits in:
- Negligible Event = No Action Required (e.g. legitimate user carries out a wrong search on Catalogue server; LOW likelihood, LOW impact)
- Acceptable Event = Monitor To Ensure stability (e.g. Admin is logged on to Catalogue Server for > 8 hours; HIGH likelihood, LOW impact)
- Significant Event = Appropriate Actions Required (e.g. malicious script on company’s Intranet portal; HIGH likelihood, MEDIUM impact)
- Critical Event = Immediate Actions Required (e.g. worm discovered on air traffic control system; HIGH likelihood, HIGH impact)
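The correlation/aggregation and alarm steps described on the SIEM slide, applied to the event matrix above, as an added example that is not part of the original slides. Constructed log lines from the controls (IAM, DLP, IDS, AV gateway) are aggregated per asset, a likelihood band is derived from the threat score and the vulnerability scanner's un-patched list (likelihood = threats x vulnerabilities), the business context supplies the asset impact, and the slide's matrix yields the rating; only Significant and Critical ratings become alarms. Asset names, event types, weights and thresholds are all assumptions made for the example.

```python
"""Toy SIEM-style correlation step (added example, not from the slides).

All asset names, event types, weights, thresholds and log lines below are
constructed for illustration.
"""
from collections import defaultdict

# The 3x3 matrix from the slides: rows = Likelihood, columns = Impact (Assets).
MATRIX = {
    "HIGH":   {"LOW": "Acceptable", "MEDIUM": "Significant", "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Acceptable", "MEDIUM": "Significant", "HIGH": "Significant"},
    "LOW":    {"LOW": "Negligible", "MEDIUM": "Acceptable",  "HIGH": "Acceptable"},
}
ACTION = {
    "Negligible":  "No Action Required",
    "Acceptable":  "Monitor To Ensure stability",
    "Significant": "Appropriate Actions Required",
    "Critical":    "Immediate Actions Required",
}
SEVERITY = {"Negligible": 0, "Acceptable": 1, "Significant": 2, "Critical": 3}

# Business context (asset side of the risk-related information): constructed impact bands.
ASSET_IMPACT = {"catalogue-server": "LOW", "intranet-portal": "MEDIUM", "atc-system": "HIGH"}
# Constructed vulnerability-scanner output: assets with an un-patched OS/application.
UNPATCHED = {"intranet-portal", "atc-system"}
# Constructed weights: how strongly an event type indicates a threat mounting an attack.
EVENT_WEIGHT = {"wrong_search": 0, "long_admin_session": 1, "malicious_script": 2,
                "port_scan": 2, "malware": 3, "worm": 3}

# Constructed log lines in the form "<timestamp> <control> <event_type> <asset>".
SAMPLE_LOG = """\
2013-07-05T09:00:01 webapp wrong_search catalogue-server
2013-07-05T09:05:12 iam long_admin_session catalogue-server
2013-07-05T09:06:30 dlp malicious_script intranet-portal
2013-07-05T09:07:02 ids port_scan intranet-portal
2013-07-05T09:09:45 av_gateway worm atc-system
2013-07-05T09:10:10 ids port_scan atc-system
"""


def parse_events(text):
    """Parse the four-field log format into dicts; malformed lines are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, control, event_type, asset = fields
        events.append({"ts": ts, "control": control, "event": event_type, "asset": asset})
    return events


def aggregate_threat_score(events):
    """Aggregation: sum the event weights per asset (an unknown event type counts 1)."""
    score = defaultdict(int)
    for e in events:
        score[e["asset"]] += EVENT_WEIGHT.get(e["event"], 1)
    return dict(score)


def likelihood_band(score, asset):
    """Likelihood = threats x vulnerabilities: the threat score sets a band and an
    un-patched asset raises it one step (thresholds are constructed)."""
    bands = ["LOW", "MEDIUM", "HIGH"]
    idx = 0 if score == 0 else (1 if score <= 2 else 2)
    if asset in UNPATCHED:
        idx = min(idx + 1, 2)
    return bands[idx]


def assess(log_text):
    """Correlate events with asset impact and vulnerability data; one rating per asset."""
    result = {}
    for asset, score in aggregate_threat_score(parse_events(log_text)).items():
        lik = likelihood_band(score, asset)
        imp = ASSET_IMPACT.get(asset, "MEDIUM")  # unknown asset: assume MEDIUM impact
        rating = MATRIX[lik][imp]
        result[asset] = {"score": score, "likelihood": lik, "impact": imp,
                         "rating": rating, "action": ACTION[rating]}
    return result


def alarms_for(assessment):
    """Alarm generation: only Significant and Critical ratings become security
    incidents, most severe first."""
    alarms = [{"asset": a, **r} for a, r in assessment.items() if SEVERITY[r["rating"]] >= 2]
    return sorted(alarms, key=lambda r: (-SEVERITY[r["rating"]], r["asset"]))


if __name__ == "__main__":
    for a in alarms_for(assess(SAMPLE_LOG)):
        print(f"ALARM {a['rating']:<11} {a['asset']:<16} -> {a['action']}")
```

Running it on the constructed log raises two alarms: the worm on `atc-system` is Critical and the malicious script plus port scan on `intranet-portal` is Significant, while the long admin session on the low-impact `catalogue-server` stays at Acceptable (monitor only), matching the cells the slide's examples occupy. A wrong search on its own scores zero and lands in Negligible. The interesting design point is that the same event contributes to a different rating depending on the asset context and vulnerability state, which is exactly why the slide says SIEM needs business and security context before correlation is meaningful.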
The Bigger Picture!!
• Addressing Cyber Security is not so fundamentally different to Information Security.
• The main difference is keeping up with growing opportunities and challenges (i.e. risks) in Cyber Space. These differences are created by:
  - The expanding technology and new, but converging, service offerings (e.g. cloud, social networking and mobile) landscape of the past twenty or so years.
  - The business and user interaction with new services like social networking and its impact on personal data privacy, politics, etc..
• A risk based approach is required to fully understand the scale and impact of Cyber Threats.
• Indicators for risk exposure and control effectiveness identify key risks over time.
• Data and system centric processes and key controls already exist for dealing with Cyber Threats.
• It might require help from other disciplines such as criminologists, sociologists, psychologists, lawyers etc.., leading to people and behaviour centric controls.
• Additional control types are required, but continuous maintenance and improvement activities to deal with risk in real time are what matter most.
The Bigger Picture!!.. (continue)
• The approach covers risk identified across people and process activities, not just technical ones.
• Existing Information Security related standards, regulations and guidelines are important to a risk based approach for addressing Cyber Security.
• Changes to old legislation, and new legislation, on computer misuse, fraud and abuse aim to further tighten the noose on individuals involved in Cyber Security breaches.
Thank You!!
