SlideShare a Scribd company logo

Just Trust Everyone and We Will Be Fine, Right?

Download as PPTX, PDF
Scott Carlson
Scott Carlson

As a CISO, you have been asked why you can't just trust your employees to do the right thing. What benefit to the business comes from technical security controls? You have likely been asked to reduce risk and action every funded project at once. In this session, we will realistically consider which projects can reduce risk most quickly, which layers of security are most important, and how things like privilege management, vulnerability control, over-communicating, and simply reducing the attack surface can bring peace of mind and actual direct improvements to your information security posture.

Technology
1 of 12
Just Trust Everyone and We Will Be Fine, Right? Scott Carlson - BeyondTrust As a CISO, you have been asked why you can't just trust your employees to do the right thing. What benefit to the business comes from technical security controls? You have likely been asked to reduce risk and action every funded project at once. In this session, we will realistically consider which projects can reduce risk most quickly, which layers of security are most important, and how things like privilege management, vulnerability control, over-communicating, and simply reducing the attack surface can bring peace of mind and actual direct improvements to your information security posture.
Our Information Security Implementation Plan
Target senior leaders and understand their language Focus on business and risk issues of concern to key leaders Focus on solving problems and controlling risk **** NOT technology solutions *** Identify and Produce metrics that matter to your audience • Gain alignment for needed improvements based on business risks • Requires strong reporting tools and analytics • Avoid embarrassing individuals but inform (wall of shame) • Produce trend charts that show progress Provide limited, general reporting and TELL THE TRUTH Develop effective communications 7
Gain business leaders’ sponsorship • Define accountabilities and ownership across key organizations • Establish metrics • # assets with owner / custodian identified • # assets with recommended protection What are your crown jewels and where are they? • Not easy to define the crown jewels and get agreement from business leadership • Often, crown jewels are loosely managed across servers & end-user devices Move them to stronger controlled environments • e.g., hardened repositories, strong MF authentication, VDI, data leakage, digital rights management) and upgrade business processes Review and continually manage access, with a manual process if you need Restrict administrator access when possible • Monitor and alert Identify and protect the crown jewels. 8
Make it hard for attackers to gain privileged access Use strong multi-factor authentication Drive least-privilege management processes and solutions • Include end-points where most initial attacks are focused • Enable system and application management without admin privileges Implement privileged password management solutions • Eliminate shared passwords • Passwords automatically changed on every use • Eliminate hard-coded passwords • Dual control / approval for critical systems Tightly manage privileged access 9
Integrate vulnerability issues with privileged access • Deny privileged access with critical vulnerabilities after certain time Align Security and IT Ops teams • By policy, all aspects of security must be key operational requirements • Defined patch timetable by asset class • Shutdown if critical issues not addressed • Variance approved by leadership if allowed to operate past deadline • Joint improvement program driven by business requirements and metrics • Requires excellent analytics and reporting • Fix defective operational processes that enable or leave vulnerabilities • New system deployments • Application accountability and patching Get Smarter About Vulnerability Management 10
Gain business leaders’ sponsorship • Train users to report phishing • Turn users into human detectors • Requires a reporting solution and a rapid response Establish a threat intelligence program • Collect feeds from both open sources and subscription sources • Collaborate with others inside your industry and overall leaders to stay abreast of current techniques, tactics, and procedures. • Continually block bad internet addresses, domains, other indicators of compromise (files) Detect, alert & block crown jewel exfiltration • Best to tag crown jewels by type and control based on policies defined by owner Monitor inbound files for malware • Much more difficult than AV or IPS • Requires sandbox solutions or other solutions that monitor behavior Monitor and alert on unusual application activities and access to crown jewels • Alert when certain applications doing unusual things (spawning processes) • What applications are allowed to access sensitive data by class (whitelist) Monitor and filter outbound traffic • Prevent traffic to uncategorized URLs • Can be challenging to categorize some traffic but results in strong improvements Improve your ability to detect attacks 11
Thank You! Scott Carlson @scottophile

Recommended

Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...gemmarie1
 
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...Bitglass
 
How to Rightsize Your Citrix Investment
How to Rightsize Your Citrix InvestmentHow to Rightsize Your Citrix Investment
How to Rightsize Your Citrix InvestmentZivaro Inc
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systemsCognic Systems Pvt Ltd
 
Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Marco Di Martino
 
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss ProtectionGabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protectioncentralohioissa
 
collateral_datasheet_sungard
collateral_datasheet_sungardcollateral_datasheet_sungard
collateral_datasheet_sungardCheryl Goldberg
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity nado-web
 

Recommended

Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...gemmarie1
 
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...
Bitglass Webinar - BlueCross BlueShield of Tennessee's CASB Journey to Secure...Bitglass
 
How to Rightsize Your Citrix Investment
How to Rightsize Your Citrix InvestmentHow to Rightsize Your Citrix Investment
How to Rightsize Your Citrix InvestmentZivaro Inc
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systemsCognic Systems Pvt Ltd
 
Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Marco Di Martino
 
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss ProtectionGabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protectioncentralohioissa
 
collateral_datasheet_sungard
collateral_datasheet_sungardcollateral_datasheet_sungard
collateral_datasheet_sungardCheryl Goldberg
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity nado-web
 
Soc
SocSoc
SocMukesh Chaudhari
 
Security Essentials
Security EssentialsSecurity Essentials
Security EssentialsAshley Deuble
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingAtif Ghauri
 
DCD Converged Brazil 2016
DCD Converged Brazil 2016 DCD Converged Brazil 2016
DCD Converged Brazil 2016 Scott Carlson
 
What your scanner isn't telling you
What your scanner isn't telling youWhat your scanner isn't telling you
What your scanner isn't telling youCore Security
 
SanerNow Endpoint Management
SanerNow Endpoint ManagementSanerNow Endpoint Management
SanerNow Endpoint ManagementSecPod Technologies
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight BackMTG IT Professionals
 
Infosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPInfosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPHuntsman Security
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security StrategyLaura Vanassche
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
Community IT - Crafting Nonprofit IT Security Policy
Community IT - Crafting Nonprofit IT Security PolicyCommunity IT - Crafting Nonprofit IT Security Policy
Community IT - Crafting Nonprofit IT Security PolicyCommunity IT Innovators
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Outsourcing Security Management
Outsourcing Security ManagementOutsourcing Security Management
Outsourcing Security ManagementNick Krym
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
Managing and securing mobile devices
Managing and securing mobile devicesManaging and securing mobile devices
Managing and securing mobile devicesSoftchoice Corporation
 
Microsegmentation for enterprise data centers
Microsegmentation for enterprise data centersMicrosegmentation for enterprise data centers
Microsegmentation for enterprise data centersNarendran Vaideeswaran
 
Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]AgilePractitionersIL
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony David Sweigert
 
Cyber ark training
Cyber ark trainingCyber ark training
Cyber ark trainingGlobal Online Trainings
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Anshu Gupta
 
RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityScott Carlson
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira Jones
 

More Related Content

What's hot

Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingAtif Ghauri
 
DCD Converged Brazil 2016
DCD Converged Brazil 2016 DCD Converged Brazil 2016
DCD Converged Brazil 2016 Scott Carlson
 
What your scanner isn't telling you
What your scanner isn't telling youWhat your scanner isn't telling you
What your scanner isn't telling youCore Security
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight BackMTG IT Professionals
 
Infosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPInfosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPHuntsman Security
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
Community IT - Crafting Nonprofit IT Security Policy
Community IT - Crafting Nonprofit IT Security PolicyCommunity IT - Crafting Nonprofit IT Security Policy
Community IT - Crafting Nonprofit IT Security PolicyCommunity IT Innovators
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Outsourcing Security Management
Outsourcing Security ManagementOutsourcing Security Management
Outsourcing Security ManagementNick Krym
 
Microsegmentation for enterprise data centers
Microsegmentation for enterprise data centersMicrosegmentation for enterprise data centers
Microsegmentation for enterprise data centersNarendran Vaideeswaran
 
Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]AgilePractitionersIL
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony David Sweigert
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Anshu Gupta
 

What's hot (20)

Soc
SocSoc
Soc
 
Security Essentials
Security EssentialsSecurity Essentials
Security Essentials
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples Counseling
 
DCD Converged Brazil 2016
DCD Converged Brazil 2016 DCD Converged Brazil 2016
DCD Converged Brazil 2016
 
What your scanner isn't telling you
What your scanner isn't telling youWhat your scanner isn't telling you
What your scanner isn't telling you
 
SanerNow Endpoint Management
SanerNow Endpoint ManagementSanerNow Endpoint Management
SanerNow Endpoint Management
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
Infosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPInfosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSP
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account security
 
Community IT - Crafting Nonprofit IT Security Policy
Community IT - Crafting Nonprofit IT Security PolicyCommunity IT - Crafting Nonprofit IT Security Policy
Community IT - Crafting Nonprofit IT Security Policy
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Outsourcing Security Management
Outsourcing Security ManagementOutsourcing Security Management
Outsourcing Security Management
 
CyberArk
CyberArkCyberArk
CyberArk
 
Managing and securing mobile devices
Managing and securing mobile devicesManaging and securing mobile devices
Managing and securing mobile devices
 
Microsegmentation for enterprise data centers
Microsegmentation for enterprise data centersMicrosegmentation for enterprise data centers
Microsegmentation for enterprise data centers
 
Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony
 
Cyber ark training
Cyber ark trainingCyber ark training
Cyber ark training
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap
 

Viewers also liked

RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityScott Carlson
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira Jones
 
Tactical Edge - How Much Security Do You Really Need?
Tactical Edge - How Much Security Do You Really Need?Tactical Edge - How Much Security Do You Really Need?
Tactical Edge - How Much Security Do You Really Need?Wendy Nather
 
How to Make a Decent PowerPoint
How to Make a Decent PowerPointHow to Make a Decent PowerPoint
How to Make a Decent PowerPointAdam Fowler
 
Break it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareBreak it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareLeigh Honeywell
 
Distributed Denial Of Service Introduction
Distributed Denial Of Service IntroductionDistributed Denial Of Service Introduction
Distributed Denial Of Service Introductionwremes
 
AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko HypponenMikko Hypponen
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec AvengersTripwire
 
Security Configuration Management for Dummies
Security Configuration Management for DummiesSecurity Configuration Management for Dummies
Security Configuration Management for DummiesTripwire
 
RDF and other linked data standards — how to make use of big localization data
RDF and other linked data standards — how to make use of big localization dataRDF and other linked data standards — how to make use of big localization data
RDF and other linked data standards — how to make use of big localization dataDave Lewis
 
RDrew Elevator Speech
RDrew Elevator SpeechRDrew Elevator Speech
RDrew Elevator SpeechRon Drew
 
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...Tripwire
 
The dark side of the internet
The dark side of the internetThe dark side of the internet
The dark side of the internetBrian Honan
 
Data security brian honan
Data security brian honanData security brian honan
Data security brian honanBrian Honan
 

Viewers also liked (16)

RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud Security
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf ready
 
Tactical Edge - How Much Security Do You Really Need?
Tactical Edge - How Much Security Do You Really Need?Tactical Edge - How Much Security Do You Really Need?
Tactical Edge - How Much Security Do You Really Need?
 
How to Make a Decent PowerPoint
How to Make a Decent PowerPointHow to Make a Decent PowerPoint
How to Make a Decent PowerPoint
 
Break it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareBreak it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure software
 
Distributed Denial Of Service Introduction
Distributed Denial Of Service IntroductionDistributed Denial Of Service Introduction
Distributed Denial Of Service Introduction
 
AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko Hypponen
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec Avengers
 
Security Configuration Management for Dummies
Security Configuration Management for DummiesSecurity Configuration Management for Dummies
Security Configuration Management for Dummies
 
RDF and other linked data standards — how to make use of big localization data
RDF and other linked data standards — how to make use of big localization dataRDF and other linked data standards — how to make use of big localization data
RDF and other linked data standards — how to make use of big localization data
 
RDrew Elevator Speech
RDrew Elevator SpeechRDrew Elevator Speech
RDrew Elevator Speech
 
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
The RMF: New Emphasis on the Risk Management Framework for Government Organiz...
 
The dark side of the internet
The dark side of the internetThe dark side of the internet
The dark side of the internet
 
Data security brian honan
Data security brian honanData security brian honan
Data security brian honan
 
Build a Better Entrepreneur Pitch Deck
Build a Better Entrepreneur Pitch DeckBuild a Better Entrepreneur Pitch Deck
Build a Better Entrepreneur Pitch Deck
 

Similar to Just Trust Everyone and We Will Be Fine, Right?

SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to ComplianceSecurity Innovation
 
Practical Defense
Practical DefensePractical Defense
Practical DefenseSean Whalen
 
Cloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnCloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnSamuel Reed
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriAtif Ghauri
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Decisions
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
Enterprise Risk Management Solutions
Enterprise Risk Management SolutionsEnterprise Risk Management Solutions
Enterprise Risk Management SolutionsLexComply
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are ComingErnest Staats
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISSaazan Shrestha
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)Sam Bowne
 
Annual OktCyberfest 2019
Annual OktCyberfest 2019Annual OktCyberfest 2019
Annual OktCyberfest 2019Fahad Al-Hasan
 

Similar to Just Trust Everyone and We Will Be Fine, Right? (20)

SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
 
Practical Defense
Practical DefensePractical Defense
Practical Defense
 
Cloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnCloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate On
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
Secure Iowa Oct 2016
Secure Iowa Oct 2016Secure Iowa Oct 2016
Secure Iowa Oct 2016
 
Zero Trust and Data Security
Zero Trust and Data SecurityZero Trust and Data Security
Zero Trust and Data Security
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Enterprise Risk Management Solutions
Enterprise Risk Management SolutionsEnterprise Risk Management Solutions
Enterprise Risk Management Solutions
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MIS
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
 
Annual OktCyberfest 2019
Annual OktCyberfest 2019Annual OktCyberfest 2019
Annual OktCyberfest 2019
 

More from Scott Carlson

What are Blockchain & Tokens and are they useful ?
What are Blockchain & Tokens and are they useful ?What are Blockchain & Tokens and are they useful ?
What are Blockchain & Tokens and are they useful ?Scott Carlson
 
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?Scott Carlson
 
Trust But Control: Managing Privileges without killing productivity
Trust But Control: Managing Privileges without killing productivityTrust But Control: Managing Privileges without killing productivity
Trust But Control: Managing Privileges without killing productivityScott Carlson
 
RSA 2016 Realities of Data Security
RSA 2016 Realities of Data SecurityRSA 2016 Realities of Data Security
RSA 2016 Realities of Data SecurityScott Carlson
 
Will Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant? OpenStack SecurityWill Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant? OpenStack SecurityScott Carlson
 
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data Center
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data CenterInterop Las Vegas Cloud Connect Summit 2014 - Software Defined Data Center
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data CenterScott Carlson
 
Can Security & Agility Co-Exist
Can Security & Agility Co-ExistCan Security & Agility Co-Exist
Can Security & Agility Co-ExistScott Carlson
 
You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011Scott Carlson
 
HP Enterprise Security Customer Case Study - Apollo Group
HP Enterprise Security Customer Case Study - Apollo GroupHP Enterprise Security Customer Case Study - Apollo Group
HP Enterprise Security Customer Case Study - Apollo GroupScott Carlson
 
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013Marriage of ESX and OpenStack - PayPal - VMWorld US 2013
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013Scott Carlson
 
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile Devices
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile DevicesMcAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile Devices
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile DevicesScott Carlson
 
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...Scott Carlson
 
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013Scott Carlson
 

More from Scott Carlson (13)

What are Blockchain & Tokens and are they useful ?
What are Blockchain & Tokens and are they useful ?What are Blockchain & Tokens and are they useful ?
What are Blockchain & Tokens and are they useful ?
 
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
 
Trust But Control: Managing Privileges without killing productivity
Trust But Control: Managing Privileges without killing productivityTrust But Control: Managing Privileges without killing productivity
Trust But Control: Managing Privileges without killing productivity
 
RSA 2016 Realities of Data Security
RSA 2016 Realities of Data SecurityRSA 2016 Realities of Data Security
RSA 2016 Realities of Data Security
 
Will Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant? OpenStack SecurityWill Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant? OpenStack Security
 
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data Center
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data CenterInterop Las Vegas Cloud Connect Summit 2014 - Software Defined Data Center
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data Center
 
Can Security & Agility Co-Exist
Can Security & Agility Co-ExistCan Security & Agility Co-Exist
Can Security & Agility Co-Exist
 
You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011
 
HP Enterprise Security Customer Case Study - Apollo Group
HP Enterprise Security Customer Case Study - Apollo GroupHP Enterprise Security Customer Case Study - Apollo Group
HP Enterprise Security Customer Case Study - Apollo Group
 
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013Marriage of ESX and OpenStack - PayPal - VMWorld US 2013
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013
 
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile Devices
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile DevicesMcAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile Devices
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile Devices
 
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
 
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013
 

Recently uploaded

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Just Trust Everyone and We Will Be Fine, Right?

  • 1. Just Trust Everyone and We Will Be Fine, Right? Scott Carlson - BeyondTrust As a CISO, you have been asked why you can't just trust your employees to do the right thing. What benefit to the business comes from technical security controls? You have likely been asked to reduce risk and action every funded project at once. In this session, we will realistically consider which projects can reduce risk most quickly, which layers of security are most important, and how things like privilege management, vulnerability control, over-communicating, and simply reducing the attack surface can bring peace of mind and actual direct improvements to your information security posture.
  • 2.
  • 3.
  • 4.
  • 5. Our Information Security Implementation Plan
  • 6.
  • 7. Target senior leaders and understand their language Focus on business and risk issues of concern to key leaders Focus on solving problems and controlling risk **** NOT technology solutions *** Identify and Produce metrics that matter to your audience • Gain alignment for needed improvements based on business risks • Requires strong reporting tools and analytics • Avoid embarrassing individuals but inform (wall of shame) • Produce trend charts that show progress Provide limited, general reporting and TELL THE TRUTH Develop effective communications 7
  • 8. Gain business leaders’ sponsorship • Define accountabilities and ownership across key organizations • Establish metrics • # assets with owner / custodian identified • # assets with recommended protection What are your crown jewels and where are they? • Not easy to define the crown jewels and get agreement from business leadership • Often, crown jewels are loosely managed across servers & end-user devices Move them to stronger controlled environments • e.g., hardened repositories, strong MF authentication, VDI, data leakage, digital rights management) and upgrade business processes Review and continually manage access, with a manual process if you need Restrict administrator access when possible • Monitor and alert Identify and protect the crown jewels. 8
  • 9. Make it hard for attackers to gain privileged access Use strong multi-factor authentication Drive least-privilege management processes and solutions • Include end-points where most initial attacks are focused • Enable system and application management without admin privileges Implement privileged password management solutions • Eliminate shared passwords • Passwords automatically changed on every use • Eliminate hard-coded passwords • Dual control / approval for critical systems Tightly manage privileged access 9
  • 10. Integrate vulnerability issues with privileged access • Deny privileged access with critical vulnerabilities after certain time Align Security and IT Ops teams • By policy, all aspects of security must be key operational requirements • Defined patch timetable by asset class • Shutdown if critical issues not addressed • Variance approved by leadership if allowed to operate past deadline • Joint improvement program driven by business requirements and metrics • Requires excellent analytics and reporting • Fix defective operational processes that enable or leave vulnerabilities • New system deployments • Application accountability and patching Get Smarter About Vulnerability Management 10
  • 11. Gain business leaders’ sponsorship • Train users to report phishing • Turn users into human detectors • Requires a reporting solution and a rapid response Establish a threat intelligence program • Collect feeds from both open sources and subscription sources • Collaborate with others inside your industry and overall leaders to stay abreast of current techniques, tactics, and procedures. • Continually block bad internet addresses, domains, other indicators of compromise (files) Detect, alert & block crown jewel exfiltration • Best to tag crown jewels by type and control based on policies defined by owner Monitor inbound files for malware • Much more difficult than AV or IPS • Requires sandbox solutions or other solutions that monitor behavior Monitor and alert on unusual application activities and access to crown jewels • Alert when certain applications doing unusual things (spawning processes) • What applications are allowed to access sensitive data by class (whitelist) Monitor and filter outbound traffic • Prevent traffic to uncategorized URLs • Can be challenging to categorize some traffic but results in strong improvements Improve your ability to detect attacks 11

Editor's Notes

  1. Who looks like this in the audience - this is the first reaction when we are asked to trust
  2. Looks like a standard enterprise corporate network, like a patchwork of applications, a patchwork of capabilities. I know *I* for one can figure out where all of my stuff is in this mess. Why wouldn’t you trust people to be able to navigate this??? BECAUSE THEY ARE HUMAN!
  3. control your environment, you cannot trust it. Trusting your people is fine - you have to trust them to do their jobs, etc.