Finding and Protecting Your Organization’s Crown Jewels
Doug Landoll, CEO Lantego

Background

• 25+ Years Experience in Information Security

• Led Professional Service Organizations for Several Large Consultancies

• Assessed and Built Information Security Programs for Federal Agencies, State Agencies, Universities, Hospitals, Major Retailers, and Internet Companies

• Prepared 2000+ students for security certifications

• Developed RIOT Data Gathering Method for Risk Assessment

• Revised Security Policy Development Approaches

Background

Work Smarter – Not Harder

Overview

Threat Update

Response - Spot Solutions

Crown Jewels Approach

Summary and Discussion

Threat Update

…Target Review

Information Security Breaches 2013-2015

Source: Symantec Internet Security Threat Report, April 2016

Information Security Breach Response

• Detection: Initial Assessment, Triage, Escalation

• Analysis

• Recovery

• Post-Incident

Parsons Proprietary ITAR CM.01.2014

Many Breaches Go Undiscovered / Unreported

Detecting intrusions and breaches:

• 64% - percentage of organizations that took greater than 90 days to detect a breach

• 243 days – median number of days that attackers were present on a victim network before detection

• 86% of breaches were reported by an external party (U.S. Justice Dept notified Target)

Information Security Breach Response

• Detection

• Analysis: Impact Analysis, Response Activities, Initial Recovery

• Recovery

• Post-Incident

Incident Response Mistakes:

- Under-scoping incident

- Improperly staffed response

- Legal Missteps

Information Security Breach Response

• Detection

• Analysis

• Recovery: Impact Mitigation, Eradication, Recovery

• Post-Incident

Incident Recovery Mistakes:

- Communication Errors

- Incomplete Mitigation / Eradication

Information Security Breach Response

• Detection

• Analysis

• Recovery

• Post-Incident: Root Cause Analysis, Incident Costing, Prevention Activities

Post-Incident Response Mistakes:

- Lack / Improper Root Cause Analysis

- Incomplete Costing (e.g., operational, fines)

- Effective Prevention

Typical Responses

Spot Solutions –

• Security Awareness

• System Hardening / Patching

• Access Control

• Network / System Monitoring

• Vulnerability Scanning / Penetration Testing

• Secure Development

• Email Filtering

• Boundary Defense

Crown Jewel Approach

Most Critical Data & Systems

Threats: All System Threats + Unique threats + Targeted attacks

Impact: Catastrophic Impact

• upon system loss

• upon data loss

Crown Jewels

Most Critical Data & Systems

Volume: For most organizations, 0.01% - 2.0% of total sensitive data

Impact: Represents up to 70% of sensitive data value

Source: U.S. President’s 2006 Economic Report to Congress

Crown Jewels Project

Define (For Each Business Unit):

• Identify Critical Systems

• Define Critical Data

Discover (For Each Crown Jewel):

• Identify Lifecycle, Environment, and Flows

• Identify System & Environment Controls

Baseline (For Each Crown Jewel):

• Identify Requirements

• Assess Control Effectiveness

Analyze:

• Identify Control Gaps

• Identify Security Risk

• Prioritize Security Gaps

Secure:

• Create Security Solution Sets

• Deploy Solutions

• Monitor Solutions

Crown Jewels Project

Project phases: Define, Discover, Baseline, Analyze, Secure

Key Project Artifacts – Largely aided by automation (surveys, tools)

• Application Risk Survey

• Responses & Scoring

• Required Controls

• Controls Assessment

• Risk Analysis

• Solutions Development

Crown Jewels Project Results

Identification of Corporate “Crown Jewels”

Determination of Crown Jewel Risk

Limitation of Assessment to Most Impactful Elements

Creation of Security Controls Plan with Most Significant Risk Reduction

Less Work – More Results

Applying Crown Jewel Lessons

Project phases: Define, Discover, Baseline, Analyze, Secure

Next Week

• Identify Organization’s Security Assessment Plan

• Self vs. Third Party

• Frequency

• Rigor / Technique (tests vs. assessments)

• Determine Adequacy of Plan

Applying Crown Jewel Lessons

Project phases: Define, Discover, Baseline, Analyze, Secure

Within 1 Month

• Identify and Review Contractual and Legal Security Requirements

• Review Latest Security Assessment Reports

• Identify Business Process Owners

Within 3 Months

• Conduct Crown Jewels Project

• Apply Lessons Learned

Thank You

Contacts: Doug Landoll, CEO Lantego

• (512) 633-8405

Slides

• Slideshare

Project Challenges

Project phases: Define, Discover, Baseline, Analyze, Secure

1. Common Organizational Definition of “Crown Jewels”

2. Identification of Business Processes

3. Identification of Business / Systems Owners

4. Identifying a Business Champion