A burden or a blessing? Implement Security Logging & Monitoring

13 March 2014

Ingeborg Kortekaas

20 March 2014

Introduction

Ingeborg Kortekaas

Corporate Information Security Officer at NIBC

NIBC Bank N.V. (NIBC) is an entrepreneurial bank that offers Corporate Banking and Consumer Banking

Headquartered in The Hague, also offices in Brussels, Frankfurt and London

Number of employees ± 600

Who am I?

Table of Contents

Background

Objectives

Approach

Security Intelligence

Initial findings

Final outcome

Considerations

Next Steps

Questions

What is it about?

Background

Tightened statutory requirements

Increased supervision by regulators

Our former Managed Security Service (MSS) provider did not meet NIBC’s expectations and requirements

Our former MSS needed an upgrade which could only be executed with a new installation due to new technology

Unavailability of resources or specific knowledge within NIBC to do it ourselves

What was good enough yesterday, is no longer sufficient today

Ability to show compliance and increase level of security

Objectives

Tracking user activities to prevent, detect and minimize the impact of a data compromise

Allowing thorough tracking, alerting and analysis when something does go wrong

Determining the cause of a compromise

Approach

Risk-based approach, CIA-rating is leading

Security intelligence

Iterative process that’s never finished

Delivers actionable and comprehensive insights

– allows you to make informed, proactive decisions

– helps to reduce security risks and operational costs

Initial findings

Insights

– Valuable knowledge about system activities and system changes

Behavioral change

– Awareness that changes are logged and monitored

– Accountability in advance

Monitoring mechanisms

– Ability to monitor the proper execution of processes

Big brother is watching you

Ability to show compliance and increased level of security

Final outcome

Compliance Demonstrability

Optimized IT processes Increased security

Think carefully before you make a decision

Considerations

Involvement of business

Keep it simple

Connect output to existing processes

Governance is key

Next steps

Roadmap security logging & monitoring

Tranche 0: Former situation with limited effectiveness

Tranche 1: Basic SIEM, comply with policies

Tranche 2: Evaluate solution, add additional systems, increase knowledge

Tranche 3: Ability to use reporting and collection of data for complex analysis

Tranche 4: Dashboard to monitor compliance, ability to direct detection

Roadmap timeline: 2013, 2014, 2015

Questions

Do you want to know more?