Finding and Protecting Your Organization's Crown Jewels


Text of Finding and Protecting Your Organization's Crown Jewels

  1. Finding and Protecting Your Organization's Crown Jewels. Doug Landoll, CEO Lantego
  2. Background: 25+ years' experience in information security. Led professional service organizations for several large consultancies. Assessed and built information security programs for federal agencies, state agencies, universities, hospitals, major retailers, and Internet companies. Prepared over 2000+ students for security certifications. Developed the RIOT data gathering method for risk assessment. Revised security policy development approaches.
  3. Background: Work Smarter Not Harder
  4. Overview: Threat Update; Response - Spot Solutions; Crown Jewels Approach; Summary and Discussion
  5. Threat Update: Target Review
  6. Information Security Breaches 2013-2015 (Symantec Internet Security Threat Report, April 2016)
  7. Information Security Breaches 2013-2015 (Symantec Internet Security Threat Report, April 2016)
  8. Overview: Threat Update; Response - Spot Solutions; Crown Jewels Approach; Summary and Discussion
  9. Information Security Breach Response. Phases: Detection (Initial Assessment, Triage, Escalation), Analysis, Recovery, Post-Incident. Many breaches go undiscovered / unreported. Detecting intrusions and breaches: 64% - percentage of organizations that took greater than 90 days to detect a breach; 243 days - median number of days that attackers were present on a victim network before detection; 86% of breaches were reported by an external party (U.S. Justice Dept notified Target). Parsons Proprietary ITAR CM.01.2014
  10. Information Security Breach Response. Phases: Detection, Analysis (Impact Analysis, Response Activities, Initial Recovery), Recovery, Post-Incident. Incident response mistakes: under-scoping incident; improperly staffed response; legal missteps.
  11. Information Security Breach Response. Phases: Detection, Analysis, Recovery (Impact Mitigation, Eradication, Recovery), Post-Incident. Incident recovery mistakes: communication errors; incomplete mitigation / eradication.
  12. Information Security Breach Response. Phases: Detection, Analysis, Recovery, Post-Incident (Root Cause Analysis, Incident Costing, Prevention Activities). Post-incident response mistakes: lack / improper root cause analysis; incomplete costing (e.g., operational, fines); effective prevention.
  13. Typical Responses - Spot Solutions: Security Awareness; System Hardening / Patching; Access Control; Network / System Monitoring; Vulnerability Scanning / Penetration Testing; Secure Development; Email Filtering; Boundary Defense
  14. Overview: Threat Update; Response - Spot Solutions; Crown Jewels Approach; Summary and Discussion
  15. Crown Jewel Approach: Most Critical Data & Systems. Threats: all system threats + unique threats + targeted attacks. Impact: catastrophic impact upon system loss, upon data loss.
  16. Crown Jewels: Most Critical Data & Systems. Volume: for most organizations, 0.01% - 2.0% of total sensitive data. Impact: represents up to 70% of sensitive data value. Source: U.S. President's 2006 Economic Report to Congress
  17. Crown Jewels Project. Define (for each business unit): identify critical systems; define critical data. Discover (for each crown jewel): identify lifecycle, environment, and flows; identify system & environment controls. Baseline (for each crown jewel): identify requirements; assess control effectiveness. Analyze: identify control gaps; identify security risk; prioritize security gaps. Secure: create security solution sets; deploy solutions; monitor solutions.
  18. Crown Jewels Project. Phases: Define, Discover, Baseline, Analyze, Secure. Key project artifacts: Application Risk Survey Responses & Scoring, Required Controls, Controls Assessment, Risk Analysis, Solutions Development. Largely aided by automation (surveys, tools).
  19. Crown Jewels Project Results: identification of corporate crown jewels; determination of crown jewel risk; limitation of assessment to most impactful elements; creation of security controls plan with most significant risk reduction. Less Work, More Results.
  20. Overview: Threat Update; Response - Spot Solutions; Crown Jewels Approach; Summary and Discussion
  21. Applying Crown Jewel Lessons. Next week: identify the organization's security assessment plan (self vs. third party; frequency; rigor / technique (tests vs. assessments)); determine adequacy of plan.
  22. Applying Crown Jewel Lessons. Within 1 month: identify and review contractual and legal security requirements; review latest security assessment reports; identify business process owners. Within 3 months: conduct Crown Jewels project; apply lessons learned.
  23. Thank You. Contacts: Doug Landoll, CEO Lantego, (512) 633-8405, dlandoll@lantego.com. Slides: Slideshare
  24. Project Challenges: 1. Common organizational definition of crown jewels. 2. Identification of business processes. 3. Identification of business / systems owners. 4. Identifying a business champion.