Rob kloots presentation_issa_spain

a step by step approach

METRICS, RISK MANAGEMENT & DLP
Rob Kloots Vice-President ISSA-BE ; Webmaster ISSA-BE
Owner CSF b.v. - GRC Consulting
Rob.Kloots@csf.nl

DISCUSSION ITEMS
 Professionalise, Organise
 Compliance Security Framework
 Objectives
 Metrics
 Measures
 Achieveable Markerpoints
 Risk Management
 Data Loss Prevention System
 External Standards
 Action list
 Controls

Conferencias ISSA de Seguridad 2010 15-04-2010 3

DATA LOSS PREVENTION
 Data Loss Prevention (DLP) is a computer security term
referring to systems that identify, monitor, and protect data in use
(e.g., endpoint actions), data in motion (e.g., network actions),
and data at rest (e.g., data storage) through deep content
inspection, contextual security analysis of transaction (attributes
of originator, data object, medium, timing, recipient/destination,
etc.), and with a centralized management framework. The
systems are designed to detect and prevent the unauthorized use
and transmission of confidential information.
 It is also referred to by various vendors as Data Leak
Prevention, Information Leak Detection and Prevention
(ILDP), Information Leak Prevention (ILP), Content
Monitoring and Filtering (CMF) or Extrusion Prevention
System by analogy to Intrusion-prevention system.

4
Conferencias ISSA de Seguridad 2010 15-04-2010

FIREFIGHTING DLP INCIDENTS
 Data breach causes
 According to a Verizon 2009 report
• 74% from external sources
• 20% by insiders
• 32% implicated business partners
• 39% involved multiple parties

 What damage can be done?
• Loss of trust
• Reputation damage
• Loss of clients Conferencias ISSA de Seguridad 2010 15-04-2010

• Repair costs

5

FIREFIGHTING DLP INCIDENTS
 DLP more then a Gartner-hype
DLP
 DLP key to GRC

 European Commission
enforces DLP in the 2008
Telecom Directive

 DLP incidents are a given
fact of operations
 If or When?

6

ADAPT, ADOPT, IMPROVE

 Firefighting
 Maturity level
Adopt
 What steps?

 Learning Management System
 Metrics,

 Measures, and Improve Adapt
 Markerpoints.

7

MATURITYLEVELS
o Predefined business process
o Clear goals/performance req’s
o Quantitative/qualitative measures
Quantitatively
Managed
Managed

Defined

Repeatable

Incomplete

8


COMPLIANCE SECURITY FRAMEWORK

 A Compliance Security Framework should
allow for team-effort for both
 Mgt (2) and operators(3) to enter into a
learning system
 with respect to Compliance & Risk based
1
security measures (1).
CS
F
2 3

9 9

COMPLIANCE DEFINED

 Compliance is either a state of being in
accordance with established standards,
specifications or legislation or the process of
becoming so.

10

COMPLIANCE CAN PROVIDE OPPORTUNITIES

 Compliance within Organisation can provide a
positive Roi.
 Investment
 Compliance Management, based on an efficient
control set (e.g. ISO27001/9001/20000) and audit
methodology.
 Return; by being compliant, Org.:
 has a strong quality statement for existing
customers and prospects;
 mitigates risks;
 improves quality of service delivery processes.

11

COMPLIANCE; AGAINST WHAT?

 Company internal
policies &
standards
 External rules and
regulations
 Industry standards
 Customer (security)
requirements
…

12

WELL-CONTROLLED ORGANIZATIONS

Key attributes of a well-controlled
organization include :
# 1. Leadership of Board
# 2. Translation of strategic vision to day-to-day management
# 3. Communication of objectives & values to all levels
# 4. Individual accountability
# 5. Risk management system
# 6. Human resources reinforcement
# 7. Independent, objective and competent oversight
13

14

pwc
RISK & CONTROL : SYMBIOTIC SYSTEMS
• Define strategic risk
• Articulate risk philosophy
Objective • Define values and behavioral expectations

• Assess risk
Risk • Manage risk

• Assess existing controls
Control • Select control model
• Continuous communication

• Continuous program for ORC
Alignment
• Develop a control improvement plan

… Operations are dynamic and evolving...


METRICS - 1

 Metrics are simply a standard or system of
measurement
 Metric - A quantitative measure of the
degree to which a system, component, or
process possesses a given attribute [2]. A
calculated or composite indicator based upon
two or more measures. A quantified measure
of the degree to which a system, component,
or process possesses a given attribute [3].

15

METRICS - 2

 Characteristics & Classification
 Process metrics
 CSFs, KGIs and KPIs
 Asset related vulnerability metrics
 What value has Data, when static, dynamic, owned,
stored, lost
 Monetary value of Reputation
 ? Market Capitalisation
 ! Value of assets in Euro
 ! Total asset value at Risk

16

MEASURES
 Measure - To ascertain or appraise by
comparing to a standard [1]. A standard or unit
of measurement; the extent, dimensions,
capacity, etc., of anything, especially as
determined by a standard; an act or process of
measuring; a result of measurement [3]. A
related term is Measurement - The act or
process of measuring. A figure, extent, or
amount obtained by measuring [1]. The act or
process of measuring something. Also a result,
such as a figure expressing the extent or value
that is obtained by measuring [3].

17

ACHIEVEABLE MARKERPOINTS

 How to set
 Where to use

 Purpose

18

RISK MANAGEMENT - 1

Qualitative
Quantitative

RM
mechanics

Mgt info
19

RISK MANAGEMENT - 2


WHAT STANDARDS?

DLP


DATA LOSS PREVENTION SYSTEM
 1. Introduction to the DLPS 10%
 2. Creating the Asset Inventory 8%
 3. Establishing Information Risk Management process 8%
 4. Establish a Continual Improvement process 10%
 5. Developing Documentation 5%
 6. Establishing a Legal Registry process 8%
 7. Establishing a Compliance Management process 5%
 8. Establishing an Audit process 10%
 9. Establishing a Governance process 10%
 10. Establishing Security & Privacy testing process 8%
 11. Establishing the Incident Response process 8%
 12. Establishing Training & Awareness process 10%


DATA LOSS PREVENTION
SANS Critical Security Controls
 1: Inventory of Authorized and Unauthorized Devices
 2: Inventory of Authorized and Unauthorized Software
 3: Secure Configurations for Hardware and Software on Laptops,
WorkstationsCritical, and Servers
Control 15 Metric
 4: Secure Configurations for Network Devices such as Firewalls, Routers,
and Switches
The5: Boundary Defense capable of identifying unauthorized data
 system must be
leaving the organization'sand Analysis whether via network file
 6: Maintenance, Monitoring, systems of Audit Logs
 7: Application Software Security
transfers or removable media. Privileges
 8: Controlled Use of Administrative
9: Controlled Access Based on Need to Know
Control 15Test

 10: Continuous Vulnerability Assessment and Remediation
 11: Account Monitoring and Control
 12: Malware Defenses
 13: Limitation and Control of Network Ports, Protocols, and Services
Associated NIST SP 800-53 Rev 3 Priority 1
 14: Wireless Device Control
15: Data Loss Prevention
Controls:


AC-4, MP-2 (2), MP-4 (1), SC-7 (6, 10), SC-9, SC-13, SC-28 (1),
SI-4 (4, 11), PM-7

QUESTIONS, PLEASE!


Rob kloots presentation_issa_spain

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (11)

Semelhante a Rob kloots presentation_issa_spain

Semelhante a Rob kloots presentation_issa_spain (20)

Último

Último (20)

Rob kloots presentation_issa_spain