A burden or a blessing?
Implement Security Logging & Monitoring
13 March 2014
Ingeborg Kortekaas
20 March 2014
Introduction
Ingeborg Kortekaas
Corporate Information Security Officer at NIBC
NIBC Bank N.V. (NIBC) is an entrepreneurial bank that offers Corporate Banking and Consumer Banking
Headquartered in The Hague, also offices in Brussels, Frankfurt and London
Number of employees ± 600
Who am I?
Table of Contents
Background
Objectives
Approach
Security Intelligence
Initial findings
Final outcome
Considerations
Next Steps
Questions
What is it about?
Background
Tightened statutory requirements
Increased supervision by regulators
Our former Managed Security Service (MSS) provider did not meet NIBC’s expectations and requirements
Our former MSS needed an upgrade which could only be executed with a new installation due to new technology
Unavailability of resources or specific knowledge within NIBC to do it ourselves
What was good enough yesterday, is no longer sufficient today
Ability to show compliance and increase level of security
Objectives
Tracking user activities to prevent, detect and minimize the impact of a data compromise
Allowing thorough tracking, alerting and analysis when something does go wrong
Determining the cause of a compromise
Security intelligence
Iterative process that’s never finished
Delivers actionable and comprehensive insights
– allows you to make informed, proactive decisions
– helps to reduce security risks and operational costs
Initial findings
Insights
– Valuable knowledge about system activities and system changes
Behavioral change
– Awareness that changes are logged and monitored
– Accountability in advance
Monitoring mechanisms
– Ability to monitor the proper execution of processes
Big brother is watching you
Ability to show compliance and increased level of security
Final outcome
Compliance Demonstrability
Optimized IT processes
Increased security
Think carefully before you make a decision
Considerations
Involvement of business
Keep it simple
Connect output to existing processes
Governance is key
Next steps
Roadmap security logging & monitoring
Tranche 0: Former situation with limited effectiveness
Tranche 1: Basic SIEM, comply with policies
Tranche 2: Evaluate solution, add additional systems, increase knowledge
Tranche 3: Ability to use reporting and collection of data for complex analysis
Tranche 4: Dashboard to monitor compliance, ability to direct detection
Timeline: 2013, 2014, 2015