A Framework and Prototype for a Socio-Technical Security Information and Event Management System (ST-SIEM)
Bilal AlSabbagh
Department of Computer and Systems Science
Stockholm University
Stockholm, Sweden
bilal@dsv.su.se
Stewart Kowalski
Norwegian Information Security Lab
Center for Cyber and Information Security
Norwegian University of Science and Technology
Gjøvik, Norway
stewart.kowalski@ntnu.no
Outline (19 slides, 15 minutes!)
• Personal Introductions
– Industrial Doctoral Student (1 slide)
– A very old jaded Cyber Security (Knowledge) Worker (3 slides)
• Meta Goal and Goal $
– (5 minutes - 6 slides)
• Problem(s) and Background(s)
– (5 minutes - 3 slides)
• Contributions
– (5 minutes - 4 slides)
• Questions and Next Steps
– (5 minutes - 2 slides)
Bilal Al Sabbagh
• Academic Credentials:
– PhD Candidate, DSV, Stockholm University
– Research Interests:
• Social aspects of information security, security culture
– Academic Degrees
• MSc Information and Communication Systems Security, KTH, 2006
• BSc Computer Engineering, 2002
• Industrial Credentials
– Information and Network Security Consultant at
– Works full time with the security of the .sa domain (Saudi Arabia)
– Industrial Certifications
• CISSP, CISA, CCSP, CCNA
10/2/2016 Bilal Al Sabbagh - DSV
JAG (Swedish for "I") = A CUP THAT RUNNETH OVER
My research work and industrial work in security stretch over 30 years and include both theoretical and empirical research in security, products and services.
INDUSTRIAL VS UNIVERSITY WORK
Industrial work: deal with complex problems; must give simple solutions.
University work: deal with simple problems; must give complex solutions.
As a Professor ("Swedish rumpnisse") in Norway I have earned the right to ask simple questions and give complex answers!
IT/IS SECURITY VALUE CHAIN
Stages of the chain: Researching, Teaching, Standardizing + Regulation, Product Management, Development, Sales, Support, Operations & Services
Career steps plotted on the chain, one per slide:
• 1988: Crypto Key Management Systems Designer, Philips Financial Business System
• 1989: Assistant Professor, Computer & Telecom Security and Business (Stockholm University, Royal Institute of Technology, University College Gävle, Stockholm School of Economics)
• 1998: Manager, Research, Business + Security, Telia
• 1999: Senior Security Management Consultant, Ericsson
• 2002: Strategic Product Manager, Security and Fraud Prevention, Core Networks, Ericsson
• 2003: Manager, Ericsson Security Evaluations Competence Center
• 2006-2009: Manager, Risk & Security, Business Unit Global Services, Global Network Operations Center
• 2009-2011: Senior Security Architect and Product Manager, Huawei Technologies
• 17 May 2010: Associate Professor
• 1 April 2011: Full-time academic
Meta Goal of The Research
• 7-year industrial doctoral research plan to investigate how best to add value $ to the socio-technical global cyber security value chain.
In system X
Concrete Goal
Open Source Security Event Management Systems: how to make them socio-technically efficient and/or cheaper?
A Value Chain is
• the interconnected group of industry participants that collectively create value for the end user.
• If technologies or services are to succeed they must deliver financial or operational value at every stage of the chain.
• For any technology or service to be adopted, each element on the chain must add value for the next element.
Ref: The Strategic Implications of Computing and the Internet on Wireless: The Competitive Blur Through 2008, Herschel Shosteck Associates.
Meta-Goal
Security Spending Mental Models
[Figure: spending/priority of individual IT workers (Saudi Arabia) at the Personal, Organizational and National levels across the Deter, Prevent, Detect, Correct and Recover phases]
Bilal Al Sabbagh, Stewart Kowalski - DSV
Comparing Swedish and Norwegian Banks' Security Value Chain (Oct 2011)
Concrete Value Chain
Hardware, Software, Systems, Services
"the primary defining concept in a value chain is what the customer is willing to pay for"
Porter 1985, The Competitive Advantage
Security Value Chain: Concrete $ View
Hardware, Software, System, Services, Buyers
Total global market size for e-business security products in $ millions (2000-2005)

Segment                  2000    2001    2002    2003    2004    2005
Access security           940   2,160   4,830   7,850  12,690  16,120
Communication security    810   1,610   2,970   4,680   7,340   9,040
Content security          660   1,300   2,390   3,700   5,660   6,910
Security management       700   1,520   2,790   4,460   9,490  11,820
Services                  410   1,020   2,390   4,610   9,050  14,780
Total                   3,520   7,610  15,370  25,300  44,230  58,670

$ Security Incident Event Management Systems and Services $
Outline
• Goal and Meta Goal $
– (5 minutes - 6 slides)
• Concrete Problem and Background
– (5 minutes - 3 slides)
• Contributions
– (5 minutes - 4 slides)
• Questions and Next Steps
– (5 minutes - 2 slides)
Background
National Computer Emergency Response Teams' (CERTs) Role
• Support organizations with security incident response capabilities
• Provide actionable security information
• Utilize several tools (SIEMs and others) for effectiveness and efficiency
• Collect, prepare, process, enrich and disseminate security information
Problems with Security Event Management
Reduce false positives by ABC = Always Be Contextualizing
Ref: https://www.linkedin.com/pulse/contextualization-security-analytics-niranjan-mayya
Hardware, Software, System, Services, Buyers
$ Security Incident Event Management Systems and Services $
ENISA HIGHLIGHTS
• Actionable information disseminated by CERTs is not equally relevant (or even actionable) to all constituents
• Security managers face the challenge of how to respond to this information using their information security management systems (ISMS)
Problem
CERT.SE
Company X SIEM
Company X ISMS
Outline
• Goal and Meta Goal $
– (5 minutes - 2 slides)
• Problem and Background
– (5 minutes - 5 slides)
• Contributions
– (5 minutes - 6 slides)
• Questions and Next Steps
– (5 minutes - 2 slides)
Paper contribution
1. Framework for a socio-technical SIEM to improve security response at organizations
2. Correlating technical security events with the risk escalation maturity levels of constituents (socio-technical)
3. The risk factor is not generic but directed, based on the organization's security culture and technological security posture
Paper contribution 1: Framework for a socio-technical SIEM to improve security response at organizations
Paper contribution 2: Correlating technical security events with the risk escalation maturity levels of constituents (socio-technical)
Framework for information security risk management and escalation
Combination of NIST and ISO Frameworks
Risk escalation maturity levels
• Levels: Non-existent, Repeatable, Defined, Managed, Optimized
• Dimensions assessed for risk escalation maturity: Awareness, Responsibility, Reporting, Policies/Standards, Knowledge/education, Procedures/tools
Paper contribution 3: The risk factor is not generic but directed, based on the organization's security culture and technological security posture
Contribution 3: worked example
Security Event: Managed organization firewall has rejected a connection from a source host to the destination organization asset because the configured per-client connections limit was exceeded.
Priority: 1 of 5
Reliability: 1 of 10
Targeted asset value: 4 of 5 (the asset in this case was the DNS server)
Risk factor: 4 x 1 x 1 / 25 = 0.16 of 10
Source: page 73 of the AlienVault USM v5 user guide, https://www.alienvault.com/doc-repo/usm/v5/USM-v5-User-Guide.pdf
Outline
• Goal and Meta Goal $
– (5 minutes - 2 slides)
• Problem and Background
– (5 minutes - 5 slides)
• Contributions
– (5 minutes - 4 slides)
• Next Steps and Your Suggestions / Questions
– (5 minutes - 2 slides)
Next Step
Desk-top / ex-post risk scenario test of the socio-technical correlation engine
Risk factor = f(security event technical attributes, organization risk escalation maturity level), where the form of f is still an open question (?)
[Figure: ex-post and ex-ante risk scenarios from CERT.X to organizations at maturity level ML3 and at levels ML3..MLN]
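The following is an added worked example, not code from the deck, from the ST-SIEM prototype or from AlienVault. It implements the USM risk factor exactly as the contribution 3 slide states it (asset value x priority x reliability / 25, on a 0..10 scale) and checks the slide's 0.16 result, then shows one way a constituent's risk escalation maturity level could direct that factor. The deck leaves f(...) open with a "?", so the aggregation of the six maturity dimensions (weakest dimension decides) and the maturity weighting (2.0x at Non-existent down to 1.0x at Optimized) are assumptions made here for illustration only, and the two constituents scored are constructed sample data.

```python
"""Worked example for contribution 3 and the "next step" formula.

Added illustration, not code from the deck or from AlienVault. It implements the
USM risk factor as stated on the slide and then shows one ASSUMED way of
directing that factor by a constituent's risk escalation maturity level; the deck
leaves that function f(...) open.
"""
from typing import Dict

# Scales as given on the slide: asset value 0-5, priority 0-5, reliability 0-10.
ASSET_MAX, PRIORITY_MAX, RELIABILITY_MAX = 5, 5, 10

# Maturity levels and assessment dimensions from the "Risk escalation maturity levels" slide.
LEVELS = ["Non-existent", "Repeatable", "Defined", "Managed", "Optimized"]
DIMENSIONS = ["Awareness", "Responsibility", "Reporting",
              "Policies/Standards", "Knowledge/education", "Procedures/tools"]


def usm_risk_factor(asset_value: int, priority: int, reliability: int) -> float:
    """AlienVault USM risk factor: asset_value * priority * reliability / 25.

    The divisor 25 maps the product onto a 0..10 scale (5 * 5 * 10 / 25 = 10).
    Out-of-range inputs are rejected rather than silently clamped, so a
    mis-parsed event cannot produce an inflated score.
    """
    for name, value, upper in (("asset_value", asset_value, ASSET_MAX),
                               ("priority", priority, PRIORITY_MAX),
                               ("reliability", reliability, RELIABILITY_MAX)):
        if not 0 <= value <= upper:
            raise ValueError(f"{name}={value} is outside 0..{upper}")
    return asset_value * priority * reliability / 25


def maturity_level(scores: Dict[str, str]) -> int:
    """Organisation-wide risk escalation maturity as an index into LEVELS (0..4).

    ASSUMPTION: the weakest dimension decides. The deck names the levels and
    dimensions but does not say how per-dimension ratings are aggregated.
    """
    missing = set(DIMENSIONS) - set(scores)
    if missing:
        raise ValueError(f"missing dimensions: {sorted(missing)}")
    return min(LEVELS.index(scores[dim]) for dim in DIMENSIONS)


def directed_risk_factor(technical_rf: float, level: int) -> float:
    """ASSUMED socio-technical f(...): scale the technical risk factor by the
    constituent's maturity, from 2.0x at Non-existent down to 1.0x at Optimized,
    capped at the 10-point scale. The deck marks this function with '?', so this
    weighting is only an illustration of 'directed, not generic' risk.
    """
    top = len(LEVELS) - 1
    weight = 1 + (top - level) / top
    return min(10.0, round(technical_rf * weight, 2))


def worked_example() -> Dict[str, float]:
    """The firewall event from the slide scored for two constructed constituents."""
    technical = usm_risk_factor(asset_value=4, priority=1, reliability=1)  # 0.16 of 10

    # Constructed sample constituents (not data from the deck).
    mature_org = {dim: "Managed" for dim in DIMENSIONS}
    weak_org = dict(mature_org, Reporting="Non-existent")

    return {
        "technical": technical,
        "mature_org": directed_risk_factor(technical, maturity_level(mature_org)),
        "weak_org": directed_risk_factor(technical, maturity_level(weak_org)),
    }


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name:>11}: {value} of 10")
```

Running the block reproduces the slide's 0.16 for the firewall event and then yields 0.2 for a constituent rated Managed in every dimension and 0.32 for one whose Reporting dimension is Non-existent: the same technical event escalates differently depending on the organisation's maturity, which is the point of contribution 3. The range checks in usm_risk_factor matter in a real correlation engine because a normaliser that emits a reliability of 11 or an asset value of 9 would otherwise push low-quality events to the top of the queue.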
A global Socio-Technical cyber security Warning System
>?<
Socio-technical Security Value Chain