
Cybersecurity Governance and Analytics Initiatives

Amy R. Marcos

Anand Raj Shah

April 26, 2017

Discussion Overview

I. Introduction
   i. Data Potential and Risks
   ii. Changing Approach to Cybersecurity
II. Cybersecurity Overview
   i. Best Practices
   ii. Evaluating Your Cyber Risks
III. Cybersecurity and Analytics Initiatives
IV. Using Analytics to Achieve Better Cybersecurity

Cybersecurity and the Big Data Era

Benefits and risks of big data are both growing and maturing
Most organizations’ information volume doubles every 18-24 months
Organizations are looking to take advantage of the insights that can be gleaned from analytics initiatives
Cyber attacks are on the rise, and the level of sophistication and the frequency of attacks are increasing

Big Data: Rewards and Risks

Image and Headline Source: https://thestack.com/

Cybersecurity at its Core

Cybersecurity is “[t]he process of protecting information and information systems by preventing, detecting, and responding to unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.”

Report on Securing and Growing the Digital Economy, Executive Office of the President, United States Commission on Enhancing National Cybersecurity (December 2016)

Cyber Threat Landscape: By the Numbers

Data Breaches 2013-2016

Data Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Stroz Friedberg: 2017 Cybersecurity Predictions Report (Jan. 2017)

Changing Approach to Cybersecurity

Perimeter defense is not enough
- No wall can prevent a determined, well-resourced hacker

Organizations need to protect from within
- Identify data assets
- Manage data assets
- Mitigate risks to data assets

Image Source: Getty Images

Analytics and Cybersecurity - Best Practices

Know Your Data
Understand Risks
Understand Legal Obligations

#1: Know Your Data

To Protect Your Data, You Have to Understand What Data You Have and Where it is Stored


#1: Know Your Data – Asset Management

NIST Cybersecurity Framework: Step 1 - Identify Data Assets

#1: Know Your Data – Business Environment

NIST Cybersecurity Framework: Step 1 – Identify Business Needs

#2: Understand Risk

What are the crown jewels for your organization and what are the risks of exposure?

Who must be guarded against?

What types of attacks could impact your data?
- Malware/Ransomware
- Phishing
- Zero Days
- DDoS Attacks
- Insider Threats
- Adversarial Examples

#2: Understand Risk – Evaluating Cybersecurity

Integrity
Availability
Confidentiality

Sensitivity Analysis:
Breach Impact Score = Confidentiality [H/M/L] + Integrity [H/M/L] + Availability [H/M/L]

A “Cybersecurity Event” includes any circumstance that compromises either (i) the availability, confidentiality, or integrity of any Employee Data, Customer Data, Intellectual Property Data, or Operational Data; or (ii) the physical, technical, administrative, or organizational safeguards put in place by the Company to protect such data. A Security Breach could be unauthorized access to, acquisition of, disclosure of, or loss of Company data.

#3: Understand Legal Obligations – Requirements

Is the data subject to regulatory oversight, generally? (e.g., PII with the FTC or State AGs)

Is the data subject to specific regulatory oversight? (e.g., HHS-OCR HIPAA or NYDFS Cyber Regulation)

What safeguards, procedures, or other minimum security requirements, if any, are required? Are others recommended?

#3: Understand Legal Obligations – Taking Action

Draft policies and procedures that fit your organization’s needs
Test your policies and procedures with tabletops and audits
Apply policies and procedures to third parties and contracts
Designate responsibility for governing cybersecurity efforts

#3: Understand Legal Obligations – 10 Lessons from the Regulators and Courts

1. Consider the security concerns of your users and stakeholders
2. Control access to data (including analytics) sensibly
3. Require strong passwords and authentication
4. Store sensitive information securely and protect it during transmission (e.g., encryption)
5. Segment your network and monitor who is trying to get in
6. Secure remote access with multi-factor authentication
7. Security-by-design when developing new products/services
8. Make sure your third-party service providers implement reasonable security measures
9. Put procedures in place to keep your current security posture and address emerging cyber threats
10. Secure paper, physical media, and devices

Analytics Initiatives – Maximizing Value and Minimizing Cybersecurity Risk

Approaches to Analytics
Goals of Analytics
Data Protection for Analytics

Approaches to Analytics

Simplistic Pre-Processing
- Normalization of data from different sources or databases

Aggregation or Summarization of Data
- Identify basic statistical characteristics (e.g., median, mean)

Data Correlation
- Identify relationships between data points or across sets of data

Sophisticated Predictive or Judgmental Analytics
- Identification of patterns in data using statistical variance; machine learning; artificial intelligence

Executing a Successful Analytics Initiative

Support Analytics
Protect Data
Satisfy Legal Obligations
Minimize Risk & Cost

Information Governance (IG) and Analytics Initiatives

IG as a Coordinating Function:
- Establish a mechanism and framework whereby you elicit the perspective of each facet
- Balance the competing concerns and goals of each facet

Image Source: Information Governance Initiative – Annual Report 2015-2016


Understanding Data Sources for Analytics

Data Source 1

Data Source 2

Data Source 3

Data Source 4

Aggregated Data for Analytics

Data Protection for Data Subject to Analytics

When data is pooled together, the most highly sensitive data must govern how the data is treated
- Protecting data at rest, data in transit, and data during processing

Consider encryption for highly sensitive data used in Analytics Initiatives
- Decrypt to run analytics with unencrypted data and then re-encrypt after analytics completed

Future State of Cybersecurity for Analytics Initiatives
- Homomorphic Encryption
- Blockchain Technology
- Quantum Computing Threats

Using Analytics to Achieve Better Cybersecurity

Smarter security – evidence/intel-based action
- Identify network-specific threats
- Heuristics vs. Algorithms
- Orchestrate your solutions and data repositories

Triage and find the signal in the noise

Automate processes to handle new data points and endpoints

Image Source: FireEye - https://www.fireeye.com/products/security-orchestrator.html

Drinker Biddle & Reath LLP

1500 K Street N.W. Washington, DC 20005

(202) 842-8800

QUESTIONS?