Security Strategy Focus (ilta.personifycloud.com/.../SecurityStrategy.pdf)
Jamie Herman, Manager of Information Security – Ropes & Gray LLP
Lisa Markey, Director Information Security - Shearman & Sterling LLP
Chris Yule, Managing Security Consultant - Dell SecureWorks
Security Strategy Focus: Building a Successful Security Team and Program in Legal
A Little About Us…
Today’s Agenda
The developing role of information security teams in law firms
Best practices for developing a successful strategy
Common IT areas to focus initial efforts on
Firm business areas to focus initial efforts on
Takeaways
New Security Programme?
The KEY to success
…AT ONCE
SecureWorks
Characteristics of a Security Strategy
Characteristics
Risk-based
Alignment with firm goals
Senior leadership support
People and Process
Technology as a tool, not a goal
Assume you will be compromised
Vision – looking ahead down an unknown road
Strategic Focus Areas
Understand the Extended Enterprise
1. Understand firm organizational goals, and align with them accordingly
2. Identify the key information assets
3. Understand where they’re stored, who has access to them, how they’re protected
4. Identify the risks to those assets
5. Look beyond the organisational boundary?
Understand what’s happening in your firm
Increase Visibility
Increase Visibility of Threats and Vulnerabilities
1. Security Maturity Assessments
2. Collect and monitor all of your security events
3. Host and Network-based IDS/IPS to inspect user activity
4. Apply threat intelligence
5. Vulnerability Scans, Penetration Tests, Patch/Configuration Management
What’s the problem?
Understand the players
Detect anomalies
Build a Culture of Security
1. Make everyone responsible for their own role in protecting information
2. Put in place a person who is accountable for security
3. Bring together a steering group involving stakeholders from across the organisation
4. Get top management backing for information security
We’re stronger working together than apart
Train Your Users
1. Build a layered security awareness program
2. Include Security Essentials, Organisation-Specific and Role-Specific training
3. Training as a continuous exercise
4. Train up as well as down
5. Test effectiveness of your training
Keep it Simple…
Be Prepared to Respond to Incidents
1. Build a tried and tested incident response process
2. Formalise roles and responsibilities in every type of incident
3. Understand where your logs are and how to get access to them
4. Ensure organisational boundaries won’t get in the way
5. Have pre-arranged relationships you can call on if you need it
Where to focus…
Elevated privilege accounts
Local admin accounts?
Shadow IT
Critical systems
Public facing systems
Finance and other critical business units
Takeaways
Understand the environment internally and externally
Prioritize risks and recommend mitigating controls
Work with the business to make everyone aware of risks
Change the culture of security from the top down
Collaborate with your peers at other firms and industries
Thank You