Proprietary and Confidential — External Use Only
Risk Mitigation Considerations
Creating a Defensible Information Security Strategy
Hayden M. McKaskle
November 17, 2017
1. Kroll Overview
Kroll Overview
Cyber Security | Incident Response | Data Breach Notification
Our History & Expertise:
More than 40 years of experience
55 offices across 26 countries
1,100+ employees
Our solutions span:
Investigations
Compliance
Information Security & Assurance
Physical Security
Due Diligence
Globally Recognized Leader
World-renowned planning and investigative experience combined with state-of-the-art technological tools
Recognized experts previously with the FBI, federal and state law enforcement, cybersecurity consulting and research firms, and large corporate cybersecurity teams
Foundation of Capabilities
Global Incident Response Partner, Carbon Black (Bit9)
Leader of the notification industry (The Forrester Wave™ Report)
Best Cyber Security Consultancy: now 2017, 5 years running!
End-to-End InfoSec Lifecycle Services
Proactive and Reactive Capabilities
Prepare & Prevent:
Risk Assessments
Maturity Reviews
CISO Advisory Services
Cyber Policy Review & Design
Cyber Awareness Training
Incident Response Plan and Tabletop Exercises
Penetration Testing
Vulnerability Scanning
Third Party Cyber Audits and Reviews
QSA Services
CyberDetectER Threat Monitoring
Investigate & Respond:
Computer Forensics
Incident Response Management
Data Collection & Preservation
Data Recovery & Forensic Analysis
Malware and Advanced Persistent Threat Detection
Cyber Litigation Support
CyberDetectER Threat Monitoring
PFI Services
Remediate & Restore:
B2B: Data Breach Response Notification Letters
Call Center Services
Credit Monitoring (Kroll Branded)
Identity Theft Restoration (Kroll Branded)
Identity Monitoring (Kroll Branded)
B2B2C: Consumer ID Theft Protection Services:
IDShield Powered by Kroll (e.g. LegalShield)
ID Theft Smart (e.g. HSB)
ID Theft Defense (e.g. Primerica)
Data Breach Victims Everywhere…
Attack Vectors Evolve
Threats Growing Exponentially: Global Pandemics Becoming the New Normal
And the incident is just the beginning…
Regulatory Agencies and State AGs Levying Fines Against Victims
Record Breaking Fines…
The Compliance Machine
20 CSC is the Minimum Standard
The 20 Critical Security Controls “identify a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.”
California Data Breach Report (February 2016), Attorney General Kamala D. Harris
2. Creating a Defensible Information Security Strategy
Strategic Components
Set the Narrative
Leverage a Framework
Demonstrate Maturity
What is Your Narrative?
Reasonable Measures Implemented
Attacker Used Extraordinary Methods
Rapidly Detect and Effectively Respond
InfoSec Theory Evolution
Perimeter
Defense In Depth
Assumption of Breach
Assumption of Breach Theory
Issue: “With enough time, resources and commitment, any attacker will be able to penetrate a network.”
Solution: Assess the risk and impact related to the various data workflows in the network.
Where is your sensitive/regulated data?
Creation
Transmission
Reproduction
Physical Transport
Storage
Disposal
Intellectual Property
Leverage A Framework
Benefits and Caveats of a Cybersecurity Framework
Using the Same Language: Executives to Operations
Current Cybersecurity Posture
Target State for Cybersecurity
Priorities & Repeatable Process
Progress Toward Target State
Internal and External Stakeholders
Framework Core: Functional & Risk-Based
Identify: What assets need protection?
Protect: What safeguards are available?
Detect: What techniques can identify incidents?
Respond: What techniques can contain the impacts of incidents?
Recover: What techniques can restore capabilities?
Demonstrate Maturity
Framework Implementation Tiers
Tier 1, Partial: Risk management is ad hoc, with limited awareness of risks and no collaboration with others.
Tier 2, Risk Informed: Risk management processes and program are in place but are not integrated enterprise-wide; collaboration is understood but the organization lacks formal capabilities.
Tier 3, Repeatable: Formal policies for risk management processes and programs are in place enterprise-wide, with partial external collaboration.
Tier 4, Adaptive: Risk management processes and programs are based on lessons learned and embedded in the culture, with proactive collaboration.
Typical Assessment Maturity Findings
People:
Highly balkanized organization structure
Strong personnel with a good knowledge base
Lack of well-defined roles and responsibilities
Inability to detect and respond to an incident rapidly
Processes:
Lack of a formal IR policy
Existing processes are not well defined (event types, tripwires, containment, etc.)
Immature operating procedures
Lack of functional documentation, including guidelines
Technology:
Overreliance on a tool-based strategy
Tool-Based Strategy?
Technical Controls, then Operations, then Governance
Most data breaches occur when this strategy is used!
Most Effective Strategy to Mitigate Risk!
Governance, then Operations, then Technical Controls
Summary
Have a narrative before the incident
Choose and implement a cybersecurity framework
Use governance structures to operationalize the framework
InfoSec Maturity = detect and respond capability
Future War Stories
Discussion
Hayden McKaskle
Director, Cyber Security & Breach Notification
100 Centerview Drive, Nashville, TN
[email protected]
(o) 615.577.6758 (c) 615-806-5357