the Americas
colin.mckinty@baesystems.com
April 2016
- Главная
- Разное
- Дизайн
- Бизнес и предпринимательство
- Аналитика
- Образование
- Развлечения
- Красота и здоровье
- Финансы
- Государство
- Путешествия
- Спорт
- Недвижимость
- Армия
- Графика
- Культурология
- Еда и кулинария
- Лингвистика
- Английский язык
- Астрономия
- Алгебра
- Биология
- География
- Детские презентации
- Информатика
- История
- Литература
- Маркетинг
- Математика
- Медицина
- Менеджмент
- Музыка
- МХК
- Немецкий язык
- ОБЖ
- Обществознание
- Окружающий мир
- Педагогика
- Русский язык
- Технология
- Физика
- Философия
- Химия
- Шаблоны, картинки для презентаций
- Экология
- Экономика
- Юриспруденция
Cyber Preparedness презентация
Содержание
- 1. Cyber Preparedness
- 2. Cyber Preparedness
- 3. Cyber Preparedness
- 4. Technology? Security team? Processes? Where Does Cyber Preparedness Begin?
- 5. It starts with The Board.
- 6. Why Should They Care?
- 7. The Obvious
- 8. Reducing Risk. Enables Growth.
- 9. Cyber Preparedness
- 10. Fire started in a NJ home last
- 11. Effective Smoke Detection Consider where
- 12. Have a Plan for When the
- 13. What if there’s a “fire” in your
- 14. Hierarchy of Security Needs To be fully
- 15. Prevention: Still Important
- 16. Balancing Spend Allocations Prevention Detection Response
- 17. detect the incident. The ability to
- 18. Detection Too many bad guys/attacks Bad guys
- 19. Analytics Techniques Attacks Detection Techniques
- 20. Characteristics of Behavioral Analytics
- 21. Detection needs to driven by a
- 22. Cyber Preparedness
- 23. Response
- 24. Having proper analysis capabilities requires both trained
- 25. A PLAN vs A FRAMEWORK "No plan
- 26. FRAMEWORK Authority and Scope Team Members and
- 27. The most critical component in any Incident
- 28. IR Team Primary team Extended team Third parties
- 29. Primary Security Team IR Lead Operations Team Service Desk Team
- 30. Extended Executives Legal Communications Human Resources Compliance Physical Security
- 31. 3rd Parties Outsourced IT (help desk, server
- 32. LOGISTICS E-Mail Distro / Call bridge for
- 33. Testing Incident Response High Level Audit Objective Based Assessment Table top Exercise War Game
- 34. Cyber Preparedness – Key Takeaways
- 35. Thank You
- 36. Q&A
- 37. BAE Systems Surrey Research Park Guildford Surrey
- 38. FREEDOM OF INFORMATION ACT This document
Cyber Preparedness
Слайд 1Cyber Preparedness
A Proactive Response to Infiltration
Colin McKinty
Vice President, Cyber Strategy for
Слайд 5It starts with
The Board.
It is driven by a culture
where cyber risk is addressed as part of operational risk
Слайд 10Fire started in a NJ home last year
A driver saw the
fire and banged on the front door until someone answered
The alarms went off -- afterward
The family inside escaped
Fireman eventually got control
Happy ending … but what if the driver did not stop?
Also, almost one year later, re-construction is just starting
The alarms went off -- afterward
The family inside escaped
Fireman eventually got control
Happy ending … but what if the driver did not stop?
Also, almost one year later, re-construction is just starting
Слайд 11Effective Smoke Detection
Consider where you replace them
Ensure the batteries work
Monitor and
maintain
Слайд 12Have a Plan for
When the Alarm
Goes Off
Think of this
as Incident Response
The value of knowing someone is looking after you … ready to bang on your door when fire starts
The value of knowing someone is looking after you … ready to bang on your door when fire starts
Слайд 13What if there’s a “fire” in your network?
What if the alarms
don’t go off right away or if you don’t have the right alarms in place?
What kind of damage could that do if your business took a year to get back to normal?
Also, consider the scenario where your entire operation “burns to the ground”
What kind of damage could that do if your business took a year to get back to normal?
Also, consider the scenario where your entire operation “burns to the ground”
Слайд 14Hierarchy of Security Needs
To be fully prepared and avoid disasters:
Detect new,
hidden threats
Effectively and efficiently respond
Reduce the time & resources required in the detection to resolution phase
Effectively and efficiently respond
Reduce the time & resources required in the detection to resolution phase
Слайд 17detect the incident.
The ability to respond to an incident is
only as good as an organization’s ability to …
Слайд 18Detection
Too many bad guys/attacks
Bad guys don’t want to be found
Attacks take
new forms every day
Sophisticated APT and targeted attacks routinely circumvent existing security defenses
The longer they stay undetected, the greater the financial damage and sensitive data loss
Sophisticated APT and targeted attacks routinely circumvent existing security defenses
The longer they stay undetected, the greater the financial damage and sensitive data loss
Why It’s Challenging
Слайд 19Analytics Techniques
Attacks
Detection Techniques
Anomaly Detection Analytics
Unsupervised machine learning
Anomaly Detection Analytics
Behavioural Analytics
Supervised machine
learning
Anomaly Detection Analytics
Behavioural Analytics
Unsupervised machine learning
Signatures
Rules
New, unknown, attacker techniques
Nation state, targeted attacks
Known attacker methods.
Exploit kits, evolving malware strains. e.g. key loggers, browser clashes
Known attacker techniques.
Beaconing, watering hole etc.
Previously seen threat.
Exact malware match, known bad end points
Threat Landscape
Increasing Risk
Слайд 21
Detection needs to driven by a Threat model
Delivering malware on to
the user’s machine via email, USB, web etc.
Exploiting a vulnerability to execute code on the user estate
Installing malware on the asset
Setting up a command channel for remote manipulation of victim
With access to the estate, attacker can accomplish their original goal
Analytics are categorised by ‘attack technique’. These are the stages an attacker has to go through to successfully complete an attack on a network.
Слайд 24Having proper analysis capabilities requires both trained personnel and the proper
tools to perform the analysis.
Слайд 25A PLAN
vs
A FRAMEWORK
"No plan of operations
extends with certainty
beyond the
first encounter
with the enemy's main strength“
-- Helmuth Karl Bernhard Graf von Moltke
with the enemy's main strength“
-- Helmuth Karl Bernhard Graf von Moltke
Слайд 26FRAMEWORK
Authority and Scope
Team Members and Responsibilities
Logistics
Process to determine severity and
escalation
Post-Incident Activities
Supporting Documentation
Post-Incident Activities
Supporting Documentation
Слайд 27The most critical component in any Incident Response Practice …
Authority and
backing from executive management.
Слайд 313rd Parties
Outsourced IT (help desk, server support)
Forensic Firms
ISPs
Legal Counsel
Law Enforcement
Public Relations
Teams
Слайд 32LOGISTICS
E-Mail Distro / Call bridge for communication
War Room
Computing equipment
Evidence Locker
Often overlooked
items:
Succession of Command
Catering
Shipment of Evidence
OpTempo
Succession of Command
Catering
Shipment of Evidence
OpTempo
Слайд 33Testing Incident Response
High Level Audit
Objective Based Assessment
Table top Exercise
War Game
Слайд 37BAE Systems
Surrey Research Park
Guildford
Surrey
GU2 7YP
United Kingdom
T: +44 (0)1483 816000
F: +44 (0)1483
816144
Unpublished Work Copyright © 2015 BAE Systems. All Rights Reserved.
BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc.
The information in this document contains proprietary information of BAE Systems. Neither this document nor any of the proprietary information contained therein shall be (in whole or in part) published, reproduced, disclosed, adapted, displayed, used or otherwise made available or accessible (in each case, in any form or by any means) outside of BAE Systems without the express written consent from the document originator or an approved representative of BAE Systems.
BAE Systems Applied Intelligence Limited registered in England and Wales Company No. 1337451 with its registered office at Surrey Research Park, Guildford, England, GU2 7YP.
Unpublished Work Copyright © 2015 BAE Systems. All Rights Reserved.
BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc.
The information in this document contains proprietary information of BAE Systems. Neither this document nor any of the proprietary information contained therein shall be (in whole or in part) published, reproduced, disclosed, adapted, displayed, used or otherwise made available or accessible (in each case, in any form or by any means) outside of BAE Systems without the express written consent from the document originator or an approved representative of BAE Systems.
BAE Systems Applied Intelligence Limited registered in England and Wales Company No. 1337451 with its registered office at Surrey Research Park, Guildford, England, GU2 7YP.
Слайд 38FREEDOM OF INFORMATION ACT
This document () contains confidential and commercially sensitive
material which is provided for the Authority’s internal use only and is not intended for general dissemination.
The information contained herein pertains to bodies dealing with security, national security and/or defence matters that would be exempt under Sections 23, 24 and 26 of the Freedom of Information Act 2000 (FOIA). It also consists of information which describes our methodologies, processes and commercial arrangements all of which would be exempt from disclosure under Sections 41 and 43 of the Act.
Should the Authority receive any request for disclosure of the information provided in this document, the Authority is requested to notify BAE Systems Applied Intelligence. BAE Systems Applied Intelligence shall provide every assistance to the Authority in complying with its obligations under the Act.
BAE Systems Applied Intelligence’s point of contact for FOIA requests is:
Chief Counsel
Legal Department
BAE Systems Applied Intelligence
Surrey Research Park
Guildford Gu2 7YP
Telephone 01483 816082
The information contained herein pertains to bodies dealing with security, national security and/or defence matters that would be exempt under Sections 23, 24 and 26 of the Freedom of Information Act 2000 (FOIA). It also consists of information which describes our methodologies, processes and commercial arrangements all of which would be exempt from disclosure under Sections 41 and 43 of the Act.
Should the Authority receive any request for disclosure of the information provided in this document, the Authority is requested to notify BAE Systems Applied Intelligence. BAE Systems Applied Intelligence shall provide every assistance to the Authority in complying with its obligations under the Act.
BAE Systems Applied Intelligence’s point of contact for FOIA requests is:
Chief Counsel
Legal Department
BAE Systems Applied Intelligence
Surrey Research Park
Guildford Gu2 7YP
Telephone 01483 816082
