SESSION 304 Wednesday, April 13, 3:00pm - 4:00pm Track: Service Management Excellence
The Service Desk on the Front Lines of Cyber-Resilience
Bob Rice Director, Solutions3 LLC [email protected]
Session Description
Headlines about security breaches and the theft of company intellectual property and personal and financial information are far too common. The service desk is key to ensuring the early detection of security events and providing the first-line response. So what role should the service desk play in early identification of security events, and how can the service desk best be prepared to respond? Are there best practices to provide guidance to develop robust cyber-protection? This session explores cyber-resilience best practices and the impact the service desk has on response and cyber-resilience.
Speaker Background
Bob Rice is the director of professional services at Solutions3 LLC. From his experience as a help desk agent up through his current position, Bob has mentored and led organizations in the delivery and support of IT services, within commercial and federal classified projects. Bob has spoken at FUSION and LIG conferences, PMI events, and BrightTalk webinars. He has also authored ITIL, data center, and cloud computing courses.
The Service Desk on the Front Lines of Cyber-Resilience
Bob Rice
Agenda
• What About Bob?
• Setting the Stage
• Risks and Challenges
• What Is Cyber Resilience?
• The Service Desk
• Call To Action
• Q&A
Bob Rice
Director, Professional Services Organization
Solutions3 LLC
• ITIL® Expert
• ITIL® Practitioner Courseware Reviewer
• RESILIA™ Certified
• Lean IT Certified
• Accredited ITIL®/RESILIA™/Lean IT Trainer
• Service Management Process Consulting
• 30+ Years IT and Engineering
• itSMF Atlanta LIG Event Chair
What About Bob? Solutions3
• Award Winning IT Management Consulting & Training Organization
• Specializing in Architecting, Implementing, and Training for IT Management Solutions
SETTING THE STAGE
Landscape: Cyber Risks
• $2.1 Trillion: estimated cost of data breaches by 2019
• 95%: cyber attacks that succeed due to human factors
• $2.7 Million: average size of financial impact
• 48%: increase in cyber incidents since 2014 (+42 Million)
• $4.2 Trillion: Internet economy in 2016
• 13.5% to 23%: projected rise in consumer internet purchases, 2010 - 2016
• 94%: businesses with 10+ employees that conduct business online
• 936 Exabytes: growth in global internet traffic from 2005 - 2015
• >9 Billion: connected devices in the world
Quick Survey
• How many of you know that your company intellectual property (IP) has been compromised?
• How many of you know that your company IP has NOT been compromised?
• What about your Personally Identifiable Information (PII)? Is it safe?
Breaches In The News
• FBI and DHS Breach (2/7/2016) – teenagers arrested, access provided by a help desk agent
• Home Depot - 53 Million
• Target - 40 Million
• JP Morgan - 76 Million households / 8 Million small businesses
• Anthem – 1 in 3 Americans info stolen
• Office of Personnel Management - 21.5 Million SF86 forms stolen / 5.6 Million fingerprint cards stolen
• Sony – Stolen IP (Movies, videos, etc.)
• Ashley Madison – many people embarrassed
Actual Scenario – A Targeted Attack
You are working on something that will potentially revolutionize an industry
• You include employer info on your social media pages and post photos and updates from victories at Tuesday night trivia at the local sports bar
• One night at the bar, you strike up a conversation with a new “friend” and talk about technology. The new “friend” lets it slip that they work for IBM.
• The new “friend” gives you a business card with the iconic blue IBM logo and offers some “swag” they have in their car, including an IBM coffee mug, T-shirt, mouse pad and 8-gig flash drive.
• The next morning at work you push the thumb drive into your computer.
• Within seconds, the company's entire email network is compromised, and hackers begin work scraping messages, documents, attachments and images.
Actual Scenario – Cyber Security Review
• A small company is very proud of the work it has done protecting their “data center”
• A consulting company recommends a security assessment
• CIO says that they don’t need an assessment, they are well protected
• The consultant suggests that the CIO allow him to check, and bets that he can be in the system in minutes
• The CIO agrees, and the consultant is in the network in 20 minutes by exploiting known vulnerabilities
• The CIO agrees to the security assessment and hires the consulting firm to assess and build a roadmap for improvement
Actual Scenario – Official Sounding Email
Email from someone I don’t know…
We are currently upgrading all Webmail email outlook access to the newly launched IT WEBMAIL 3GB Unlimited. In order to restore your full email access with the new version HTK4S anti-virus 2016, you need to click below to fill the re-activation form.
CLICK HERE
System Helpdesk.
RISKS AND CHALLENGES
Trends that Impact the Service Desk
• Bring Your Own Device (BYOD)
– Smartphones
– Tablets
– Laptops
• Internet of Things (IoT)
– Fitness devices
– Watches (Laptop->Connected to Email->Exchange Server)
• Social Media / Marketing
• Near Field Communication (NFC)
– Company and personal credit cards
– Easy to compromise with a portable Point of Sale device
• Culture – Attitudes and Behaviors
Introducing your staff and users:
• Ova A'Cheva – The Business manager
– “I don't care what your processes are, I need this and need it now!”
– “Security is IT’s responsibility, not mine!”
• Ima Geek – overly connected user
• Shirley U. Jokin – Admin
– Affinity password logging (Sticky notes under the keyboard)
– “I can't remember passwords, they're in my way!”
• Otter O'Fice – Sales/Marketing
– “I don't have time for passwords!”
– “Nothing can get in the way of closing a deal – especially security!”
• Vera I. Plannot – the VIP who always needs help, like yesterday…
Risks and Challenges
• People are our strongest asset, but…
• No one is safe
• Threats are constantly adapting
• Threats are more targeted
• Compliance does not equal security
• Identifying Critical Information Assets
Making It Personal
It’s not just about the single individual and Personally Identifiable Information (PII)!
Making It Personal
* It’s about you and who you are connected to *
Count on it: Big Data Analytics are being used by the crooks!
WHAT IS CYBER RESILIENCE? (AND WHERE CAN I GET SOME?)
Cyber Resilience References
• RESILIA™ Cyber Resilience Best Practices
• NIST Cybersecurity Framework
• NIST Framework for Improving Critical Infrastructure Cybersecurity (PDF)
• NIST Special Publication 800-39 Managing Information Security Risk
• ISO27001
• ITIL®
• M_o_R (AXELOS – Management of Risk)
Based on AXELOS RESILIA™: Cyber Resilience Best Practices, 1st Edition, 2015.
Cyber Resilience
What is Cyber Resilience?
• “The ability to prevent, detect and recover from any impact that incidents have on the information required to do business.”
• Cyber Resilience extends Cyber Security throughout the organization…
Based on AXELOS RESILIA™: Cyber Resilience Best Practices, 1st Edition, 2015.
Cyber Resilience
Resilience: the ability of a system or component to resist an unplanned disturbance or failure, and to recover in a timely manner following any unplanned disturbance or failure.
Security: the state of being free from danger or threat.
• Involves protection of what is important
• Often more emphasis on prevention and less on recovery from an incident
Based on AXELOS RESILIA™: Cyber Resilience Best Practices, 1st Edition, 2015.
THE SERVICE DESK
The Service Desk in Action
• Quick and effective response to cyber incidents
• Effective engagement of cyber resilience plans
• Security incident escalation
• Incident information capture at point of occurrence
• Initial implementation of risk mitigation plan
• Security incident response improvement
Preparation and Planning
• Expect Cyber Security incidents
– Risks cannot always be prevented
– Risk response should be based on the value of an information asset and the probability of the threat
• Have a plan to respond
– Based on each classification of information asset criticality
– Define formal response teams
– Have a pre-defined communication plan
– Determine resources required for investigation and forensic analysis
Execution
• Detect security incidents
– Identify “finger prints” of typical security incidents
– Update all scripts to include analysis points for potential security incidents
– Have a single focal point for managing security incidents
– Triage all suspected security incidents to validate them and to identify proper escalation
– Security incidents must be responded to quickly
– Consistency in response is important
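As an added example (not part of the original slides), a small triage script of the kind the Execution slide describes: it scores a user-reported message against a list of phishing “finger prints” and decides whether the desk escalates to the security focal point. It is run over the “official sounding email” from the earlier slide and a constructed benign notice; the fingerprints, weights and escalation threshold are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed samples: the "official sounding email" quoted on the slides, and a
# benign internal notice, as an agent might paste them into a ticket.
PHISHING_SAMPLE = """We are currently upgrading all Webmail email outlook access to the newly
launched IT WEBMAIL 3GB Unlimited. In order to restore your full email access with
the new version HTK4S anti-virus 2016, you need to click below to fill the
re-activation form.
CLICK HERE
System Helpdesk."""

BENIGN_SAMPLE = """Reminder: the quarterly expense reports are due Friday. Submit them through
the usual finance portal. Contact Jane Doe in Accounts with questions."""

# Each finger print is (label, pattern, weight). Weights are assumptions chosen so that
# a credential lure on its own is not enough, but a lure plus a click prompt is.
FINGERPRINTS = [
    ("generic-signature", re.compile(r"\b(system|it)\s+help\s*desk\.?\s*$", re.I | re.M), 2),
    ("credential-lure", re.compile(r"re-?activat|restore your .*access|verify your account", re.I), 3),
    ("click-prompt", re.compile(r"click (here|below)", re.I), 2),
    ("unknown-product", re.compile(r"\b(webmail \d+gb|HTK4S)\b", re.I), 2),
    ("urgency", re.compile(r"(in order to|you need to|immediately|within 24 hours)", re.I), 1),
]

ESCALATE_AT = 5  # assumed total score at which the desk escalates to the security focal point


@dataclass
class Triage:
    score: int
    matched: list = field(default_factory=list)
    escalate: bool = False


def triage_message(text: str) -> Triage:
    """Score a reported message against the finger prints and decide on escalation."""
    matched = [label for label, pattern, _ in FINGERPRINTS if pattern.search(text)]
    score = sum(weight for label, _, weight in FINGERPRINTS if label in matched)
    return Triage(score=score, matched=matched, escalate=score >= ESCALATE_AT)


if __name__ == "__main__":
    for name, sample in (("phishing sample", PHISHING_SAMPLE), ("benign sample", BENIGN_SAMPLE)):
        result = triage_message(sample)
        print(f"{name}: score={result.score} matched={result.matched} escalate={result.escalate}")
```

Every escalation decision still needs a human to validate it, so the matched labels are returned alongside the score to give the focal point something concrete to check.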
Evidence
• Evidence Collection
– During the incident, evidence must be collected for potential legal responses
– Defined procedures to preserve evidence must be included in the planning for security incidents
– The Chain of Custody of the evidence is critical to the use of the evidence in any legal action
Response
• Containment
– The immediate objective of the security incident response team
– This stops the “pain” from spreading and allows for subsequent decisions
– Allows for further evidence to be collected
• Response
– Identify the required actions to eradicate the cause of the incident
– If a recovery is required, determine how to recover
Improve
• Continual Service Improvement
– Conduct post incident review of security incident
– Some security incidents will be major breaches (e.g. major incidents)
– If needed, identify root cause and determine how to prevent future occurrences
– Test your plans and improve them
– Review the information assets involved and determine additional security planning needed
Anticipate Attack Vectors
Be Vigilant!
Phishing, Spear-Phishing, Trojans, Viruses, Social Engineering, Malware, Hijacking, Ransomware, Hacking, DoS, DDoS, Infection, Spyware, Keystroke Loggers, Pre-Texting
• Train users what to expect
• Warn users when suspicious activity is identified
• Provide regular security awareness through service desk interaction
Ongoing Effort
• Stay Prepared and Informed
– Have a focal point that checks security sites for potential and active threats
– Daily broadcast of potential and active threats to the service desk and users
– Check out suspicious issues reported by users
• http://www.snopes.com/
• https://www.us-cert.gov/
• http://www.symantec.com/security_response/landing/threats.jsp
Training
• Service Desk Training
– RESILIA™
– Training on internal security policies
– Updates on scripts and procedures
– Service Management tool updates and training
• User Training
– Basic information at Anti-virus vendor pages
– Custom enterprise security training
– Weekly email updates
– Updates to internal webpages
CALL TO ACTION
Call to Action
• What should the Service Desk do?
– Realize that the Service Desk is on the front lines of Cyber Resilience
– Ensure the Service Desk is prepared to identify and respond to cyber incidents
– Design a purposeful and effective cyber incident response and recovery
– Encourage a cyber smart workforce
– Proactively identify threats and communicate them
Q & A
Thank you for attending this session.
Please don’t forget to complete a session evaluation!