CISO Playbook - OWASP
John McLeod, AlienVault
CISO Playbook
4/25/2017
Breaking News
• DISCLAIMER: The opinions expressed in this presentation are my own and may not reflect the opinions of my company.
whoami
• AlienVault Chief Information Security Officer
• Mandiant, Guidance Software, Halliburton and National Oilwell Varco
• Retired AFOSI computer crime investigator
• 20+ years of computer security experience
• First computer:
State of the Hack
• Mandiant
• Attackers are calling their targets directly
• Nation-state-sponsored APTs continued to harvest systems for PII
• Global median time from compromise to discovery has dropped significantly, from 146 days in 2015 to 99 days in 2016, but it is still not good enough
• Crowdstrike
• The use of anti-forensic tools to cover the attacker's tracks
• Third-party trust relationships introduce significant risks
• Malware-free intrusions have become the norm
https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
https://www.crowdstrike.com/resources/reports/crowdstrike-cyber-intrusion-services-casebook-2016
State of the Hack
State of the Hack – Matter of Fact!
• Every company has at least one person who will click on anything
WHAT IS A CISO?
According to Wikipedia
• A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures.
CISO Four focus areas
• Guardian: Protect business assets
• Strategist: Drive business and cyber risk alignment
• Advisor: Educate business on cyber risk
• Technologist: Find and implement the right technology for the business
(slide graphic: Convenience vs. Security)
THAT MIND MAP LOOKED EXHAUSTING, HOW ARE YOU SLEEPING?
And how are you sleeping?
SEEMS LIKE A LOT, IS THERE A CISO ROADMAP?
Planning Tool – NIST CSF
Christopher Paidhrin, City of Portland, OR – Planning tool
http://www.tenable.com/whitepapers/nist-csf-implementation-planning-tool
NIST Cyber Security Framework
Map Security Controls to the Framework
HOW MANY SECURITY CONTROLS ARE THERE?
Cyber Security Standards
• Each standard has a set of security controls:
• Sarbanes-Oxley
• NERC
• PCI DSS
• HIPAA
• COBIT
• ISO 27001
• ISA/IEC-62443
• FISMA
• GDPR
• ETC…
Thousands of security controls but many overlap
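The crosswalk idea behind these slides (map each standard's controls onto NIST CSF subcategories, then collapse the overlap so one piece of evidence satisfies several standards at once), shown as an added Python example that is not part of the original deck. The CSF subcategory IDs are real NIST CSF identifiers with paraphrased descriptions; the control numbers and the control-to-subcategory mappings are a constructed, illustrative crosswalk and must be verified against each standard's own text before being used for an audit.

```python
"""
Collapse controls from several standards onto NIST CSF subcategories and
report coverage, gaps and how much the source controls overlap.
"""
from collections import defaultdict

# Real NIST CSF subcategory IDs; descriptions paraphrased for brevity.
CSF_SUBCATEGORIES = {
    "ID.AM-1": "Physical devices and systems are inventoried",
    "ID.AM-2": "Software platforms and applications are inventoried",
    "PR.AC-4": "Access permissions are managed (least privilege)",
    "PR.DS-1": "Data at rest is protected",
    "DE.CM-4": "Malicious code is detected",
    "RS.RP-1": "Response plan is executed during or after an incident",
}

# Constructed crosswalk: (standard, control id, CSF subcategory it satisfies).
# Illustrative only; confirm every row against the standard's actual text.
CROSSWALK = [
    ("CIS CSC", "1", "ID.AM-1"),
    ("CIS CSC", "2", "ID.AM-2"),
    ("CIS CSC", "5", "PR.AC-4"),
    ("CIS CSC", "8", "DE.CM-4"),
    ("CIS CSC", "19", "RS.RP-1"),
    ("PCI DSS", "2.4", "ID.AM-1"),
    ("PCI DSS", "5.1", "DE.CM-4"),
    ("PCI DSS", "7.1", "PR.AC-4"),
    ("PCI DSS", "12.10", "RS.RP-1"),
    ("ISO 27001", "A.8.1.1", "ID.AM-1"),
    ("ISO 27001", "A.8.1.1", "ID.AM-2"),
    ("ISO 27001", "A.9.2.3", "PR.AC-4"),
    ("ISO 27001", "A.12.2.1", "DE.CM-4"),
    ("ISO 27001", "A.16.1.5", "RS.RP-1"),
]


def controls_by_subcategory(crosswalk):
    """Group every (standard, control) pair under the CSF subcategory it maps to."""
    grouped = defaultdict(set)
    for standard, control, subcat in crosswalk:
        grouped[subcat].add((standard, control))
    return dict(grouped)


def coverage_report(crosswalk, subcategories=CSF_SUBCATEGORIES):
    """Return (covered, gaps): subcategories backed by at least one control,
    and subcategories no mapped control addresses."""
    grouped = controls_by_subcategory(crosswalk)
    covered = {s for s in subcategories if s in grouped}
    gaps = set(subcategories) - covered
    return covered, gaps


def overlap_ratio(crosswalk):
    """Count distinct source controls versus the CSF subcategories they collapse into."""
    distinct_controls = {(std, ctl) for std, ctl, _ in crosswalk}
    distinct_subcats = {sub for _, _, sub in crosswalk}
    return len(distinct_controls), len(distinct_subcats)


def evidence_plan(crosswalk):
    """For each subcategory, the standards that accept the same evidence.
    Collecting evidence once per subcategory satisfies all of them."""
    grouped = controls_by_subcategory(crosswalk)
    return {sub: sorted({std for std, _ in ctls}) for sub, ctls in grouped.items()}


if __name__ == "__main__":
    n_controls, n_subcats = overlap_ratio(CROSSWALK)
    print(f"{n_controls} source controls collapse into {n_subcats} CSF subcategories")
    covered, gaps = coverage_report(CROSSWALK)
    for sub in sorted(covered):
        print(f"  {sub}: {CSF_SUBCATEGORIES[sub]} <- {evidence_plan(CROSSWALK)[sub]}")
    for sub in sorted(gaps):
        print(f"  GAP {sub}: {CSF_SUBCATEGORIES[sub]} has no mapped control")
```

The gap list is the part worth automating: it is what tells you which CSF subcategories none of your compliance programs will ever ask for evidence on, and therefore which areas a "we passed the audit" posture says nothing about.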
Is Security, Compliance?
• Security is not Compliance and Compliance is not Security
• Security is a Journey
• If you do security right, compliance is easy
WHERE DO WE START?
Top 20 Critical Security Controls
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software
4. Continuous Vulnerability Assessment and Remediation
5. Controlled Use of Administrative Privileges
6. Maintenance, Monitoring, and Analysis of Audit Logs
7. Email and Web Browser Protections
8. Malware Defenses
9. Limitation and Control of Network Ports
10. Data Recovery Capability
11. Secure Configurations for Network Devices
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on the Need to Know
15. Wireless Access Control
16. Account Monitoring and Control
17. Security Skills Assessment and Appropriate Training to Fill Gaps
18. Application Software Security
19. Incident Response and Management
20. Penetration Tests and Red Team Exercises
https://www.cisecurity.org/critical-controls.cfm
WE HAVE CONTROLS… NOW WHAT?
Cyber Security Maturity Level - example
(slide chart: maturity levels with markers for "Today", "Where you should be" and "Department of Defense")
Take Away
• Balance risk and cost
• Prioritize work based on risk
• Establish top-notch security incident management
• Use resources and knowledge outside my team effectively
• Must have a roadmap
• Incidents expected, must have a controlled response
Questions