Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk
Mustaque Ahamad, Saby Mitra and Paul Royal
Georgia Tech Information Security Center
Georgia Tech Research Institute
(In collaboration with the World Economic Forum)

WEF 2015 Global Risks Report

Talking About Cyber Risk
•  Risk = Prob.[adverse event] * Impact[adverse event]
•  Attacks occur when threat sources exploit vulnerabilities
•  Mean-time-to-compromise?
•  Mean-time-to-recover? (assuming detection)
•  Traditional assumptions and solutions do not apply.

Why Even Try It?
•  Current cyber risk is anecdotal and perception based and we lack the ability to objectively assess the risk posed by ever evolving cyber threats.
•  Current cyber security threat data is fragmented and collected by disparate entities such as security vendors, vendors serving different sectors and academic research centers.
•  Publicly available cyber security data is often delayed and does not provide the ability to quickly respond to new threats that require coordinated effort within a short time.
•  A trusted data sharing and analysis platform that brings data from multiple sources and provides novel analysis will increase our ability to respond to emerging threats quickly and effectively.

Approach
Develop partnerships to collect cyber risk relevant data from multiple sources and analyze it to create metrics that summarize current cyber security threats
•  Combine public and proprietary data sources on cyber threats such as software vulnerabilities, drive-by downloads and malware from a variety of cyber security organizations.
•  Provide threat analytics and visualization tools suitable for novice and advanced users, and that can be customized based on industry, technology platform, or geographic region

Key Questions
•  What data is relevant?
  –  Vulnerabilities, alerts from IDS system, compromised or malicious services?
•  Where does the data come from?
  –  Public, proprietary from security vendors or government or private entities?
•  What can we do with such data for better understanding of cyber risk?
  –  Analysis, visualization, prediction?
•  What value does a cyber risk tool offer?
  –  Actionable information?

Current Data Sources
•  Public data
  –  Vulnerabilities reported to NVD
•  Summarized proprietary data
  –  Drive-by-download risk data from a major security vendor
•  Potentially malicious network traffic targeting an enterprise
  –  IDS/IPS alert data captured from Georgia Tech networks

Overall System Architecture
[Diagram layer labels: Cyber Risk Relevant Data; Possible Data Sources; Data Warehouse; Dashboard & Decision Support]
•  Vulnerabilities and Threat Intelligence: Errors in commonly used software that can be used to compromise personal or corporate systems
•  Malware: Software used to disrupt operations, gather sensitive information, or gain access to private computer systems.
•  Public: National vulnerabilities database (NVD), Secunia, Security Focus, and others
•  Proprietary
  –  Threat intelligence from security organizations
  –  IDS data from security service providers
  –  New vulnerability data from software vendors
•  Research Centers (e.g., Georgia Tech Information Security Center): GTISC uses proprietary systems to identify drive-by downloads (malware) in popular domains. GTISC collects 5 million malware samples every month and identifies command and control domains set up by criminals to issue directives.
•  Data Extractors: Software to interpret data sources and extract data to populate a common database
•  Database: A structured and consolidated view of the public and proprietary cyber security data
•  Visualization and Predictive Analytics: A tool to display cyber security metrics and analysis that is customized to a specific technology profile, industry or region
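
An added sketch, not taken from the slides or from the Georgia Tech system, of the flow the architecture slide describes: per-source extractors populate one common database, and a per-day metric is then computed for a chosen technology profile. The feed shapes, field names, product names, identifiers and the IDS priority-to-severity mapping are all constructed assumptions; the vulnerability records do not follow the real NVD schema.

```python
import csv
import io
import json
import sqlite3
from datetime import date, datetime

# Constructed sample feeds (illustrative only; not real vulnerability or alert data).
PUBLIC_VULN_FEED = json.dumps([
    {"id": "EXAMPLE-VULN-001", "published": "2015-03-02", "product": "examplecms", "cvss": 9.3},
    {"id": "EXAMPLE-VULN-002", "published": "2015-03-02", "product": "exampledb", "cvss": 5.0},
    {"id": "EXAMPLE-VULN-003", "published": "2015-03-03", "product": "examplecms", "cvss": 7.5},
    {"id": "EXAMPLE-VULN-004", "published": "2015-03-03", "product": "examplemail", "cvss": 4.3},
])

IDS_ALERT_FEED = """timestamp,signature,target_product,priority
2015-03-02T08:15:00,constructed-sig-a,examplecms,1
2015-03-02T09:40:00,constructed-sig-b,exampledb,3
2015-03-03T11:05:00,constructed-sig-a,examplecms,2
bad-row-without-enough-fields
2015-03-03T12:00:00,constructed-sig-c,examplemail,1
"""

# Assumption: IDS priority 1 is most urgent; map it onto the same 0-10 scale as CVSS.
PRIORITY_TO_SEVERITY = {1: 9.0, 2: 6.0, 3: 3.0}
BAD_RECORD = (KeyError, TypeError, ValueError, AttributeError)


def extract_vulns(raw_json):
    """Extractor for the vulnerability feed: returns (rows, skipped_count)."""
    rows, skipped = [], 0
    for rec in json.loads(raw_json):
        try:
            day = date.fromisoformat(rec["published"]).isoformat()
            rows.append(("public-vuln-feed", "vuln", day,
                         rec["product"].lower(), float(rec["cvss"]), rec["id"]))
        except BAD_RECORD:
            skipped += 1
    return rows, skipped


def extract_ids_alerts(raw_csv):
    """Extractor for the IDS alert feed: malformed rows are counted, not loaded."""
    rows, skipped = [], 0
    for rec in csv.DictReader(io.StringIO(raw_csv)):
        try:
            day = datetime.fromisoformat(rec["timestamp"]).date().isoformat()
            severity = PRIORITY_TO_SEVERITY[int(rec["priority"])]
            rows.append(("ids-alert-feed", "alert", day,
                         rec["target_product"].lower(), severity, rec["signature"]))
        except BAD_RECORD:
            skipped += 1
    return rows, skipped


def build_warehouse(feeds):
    """Load every (extractor, raw_feed) pair into one common events table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (source TEXT, kind TEXT, day TEXT, "
                 "product TEXT, severity REAL, ref TEXT)")
    skipped_total = 0
    for extractor, raw in feeds:
        rows, skipped = extractor(raw)
        conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?, ?)", rows)
        skipped_total += skipped
    conn.commit()
    return conn, skipped_total


def daily_metrics(conn, profile=None):
    """Per-day counts and peak severity, optionally limited to a technology profile."""
    sql = "SELECT day, SUM(kind = 'vuln'), SUM(kind = 'alert'), MAX(severity) FROM events"
    params = []
    if profile:
        params = sorted(p.lower() for p in profile)
        # Only '?' placeholders are interpolated; the values stay bound parameters.
        sql += " WHERE product IN (%s)" % ",".join("?" * len(params))
    sql += " GROUP BY day ORDER BY day"
    return {day: {"vulns": v, "alerts": a, "max_severity": m}
            for day, v, a, m in conn.execute(sql, params)}


if __name__ == "__main__":
    conn, skipped = build_warehouse([(extract_vulns, PUBLIC_VULN_FEED),
                                     (extract_ids_alerts, IDS_ALERT_FEED)])
    print("skipped malformed records:", skipped)
    for label, profile in (("all products", None), ("examplecms only", {"examplecms"})):
        print(label)
        for day, metrics in daily_metrics(conn, profile).items():
            print(" ", day, metrics)
```

Normalizing severity at extraction time is what lets the consolidated view compare a vulnerability disclosure with an IDS alert; the mapping chosen here is a placeholder that a real deployment would have to calibrate per feed.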
  
The Why and What
[Diagram labels: Vulnerabilities; Malware; What we have; What we need; Why we need]
•  Public Vulnerability Data: National vulnerabilities database (NVD), Secunia, Security Focus, and others
•  Threat Intelligence: Emerging threat intelligence from security organizations
•  Alert Data: Intrusion Detection System Data from security service providers like IBM and Dell
•  New Vulnerabilities: New Vulnerability Data from software vendors
•  GT Information Security Center: GTISC collection of 5 million malware samples every month, as well as command and control (C&C) domains.
•  Predictive Analysis
  –  Expected volume/severity of attacks on a day
  –  Expected number of 0 day vulnerabilities on a day
•  Coordinated Response: Sharing of countermeasures / response to threats
•  Malware samples and C&C Domains: Additional malware samples and C&C domains from security service providers and security vendors to be shared within a trusted group
•  More Comprehensive Response: More malware samples and more C&C domains will provide for a more protected environment for everyone

Challenge I – Access to Real-world Threat Data
Data Sources: Partnerships with various organizations to obtain cyber risk relevant data are critical for the success of the project
[Diagram labels: Security Vendors and Service Providers; Consumers of Security Solutions; Software Vendors; Client Companies & Govt. Agencies; Dell Secureworks; IBM ISS; Symantec; CERTs; Banks; Microsoft; Oracle; SAP; IDS data; Malware samples; C&C domain list; Vulnerabilities; Malware samples; C&C domain list; Vulnerabilities; Countermeasures; Typical profiles; Security Needs; IDS Data; Critical partnerships; Supporting partnerships]

Challenge II – Analytics
Analytics: While combining data sets provides new opportunities, developing customized tools will depend on the data feeds available
Drive-by Download Risk
•  Compromised websites infect user machines just because they visit
•  Serious threats for everyday users
•  Georgia Tech can detect likelihood of such infections
Behavior Fingerprints of Malware
•  Rapidly changing malware means we must focus on execution behavior
•  Georgia Tech processes about 250,000 samples each day
•  Malware families and spread
What is My Cyber Risk Today?
•  IT profile and security posture
•  Value associated with target
•  Observed malicious activity
•  Mitigation options and ability
Predictive Analytics
•  Epidemiological analysis
  –  How far can an attack spread? How rapidly can it spread? Are certain sectors under higher risk?
•  “What if” scenarios
  –  How would these change with a specific mitigation plan?

Challenge III – Threat Visualization for Actionable Information
Visualization: Aggregating all the data feeds in a meaningful way to provide a cyber threat barometer is difficult.
Using Visualization for Navigating Large Amounts of Threat Data
•  Data overload is a serious problem
•  “Flower field” metaphor for presenting big picture
•  Threatened assets can be easily identified for additional analysis
From Big Picture to Deeper Insights
•  An abnormal asset visualization points to increased risk
•  Clicking on it can provide details of vulnerabilities, exploits and attack information
•  Better situation awareness and response strategy

Example of System Provided Intelligence: Malware Source

Vulnerability Disclosure Calendar

Vulnerability Data Visualization Demo

Potential Benefits
•  Data-driven cyber risk assessment can enhance cyber resilience
  –  Modeling attacks: Will we ever have MTTA and MTTR for cyber attacks?
  –  Predictive value: early attack warning & proactive response
  –  Better intelligence about emerging threats and vulnerabilities
  –  More effective human-in-the-loop decision making with analytics and visualization
•  “CERT 2.0”
  –  Real-time access to threat information

Cyber Threat Weather Reports
•  Public vulnerability data collection and analysis
  –  Calendar style visualization shows high level trends and allows drill down for deeper insights
  –  Customization for given information technology profile (sector or organization specific)
•  Malware Threat Intelligence
  –  Drive-by-download risk by daily analysis of popular websites
•  “Attempted attack” data visualization and time-based trends
•  Others….

Conclusions
•  Is data-driven cyber insurance even feasible?
•  Are there objective indicators that can help better inform us?
•  Why will anyone provide data?
  –  Incentives?
•  Who should do it?
  –  Cyber CDC
  –  CERT 2.0

Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Último (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk

  • 1. Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk
       Mustaque Ahamad, Saby Mitra and Paul Royal
       Georgia Tech Information Security Center
       Georgia Tech Research Institute
       (In collaboration with the World Economic Forum)
  • 2. WEF 2015 Global Risks Report
  • 3. Talking About Cyber Risk
       • Risk = Prob.[adverse event] * Impact[adverse event]
       • Attacks occur when threat sources exploit vulnerabilities
       • Mean-time-to-compromise?
       • Mean-time-to-recover? (assuming detection)
       • Traditional assumptions and solutions do not apply.
  • 4. Why Even Try It?
       • Current cyber risk is anecdotal and perception based and we lack the ability to objectively assess the risk posed by ever evolving cyber threats.
       • Current cyber security threat data is fragmented and collected by disparate entities such as security vendors, vendors serving different sectors and academic research centers.
       • Publicly available cyber security data is often delayed and does not provide the ability to quickly respond to new threats that require coordinated effort within a short time.
       • A trusted data sharing and analysis platform that brings data from multiple sources and provides novel analysis will increase our ability to respond to emerging threats quickly and effectively.
  • 5. Approach
       Develop partnerships to collect cyber risk relevant data from multiple sources and analyze it to create metrics that summarize current cyber security threats
       • Combine public and proprietary data sources on cyber threats such as software vulnerabilities, drive-by downloads and malware from a variety of cyber security organizations.
       • Provide threat analytics and visualization tools suitable for novice and advanced users, and that can be customized based on industry, technology platform, or geographic region
  • 6. Key Questions
       • What data is relevant?
         – Vulnerabilities, alerts from IDS system, compromised or malicious services?
       • Where does the data come from?
         – Public, proprietary from security vendors or government or private entities?
       • What can we do with such data for better understanding of cyber risk?
         – Analysis, visualization, prediction?
       • What value does a cyber risk tool offer?
         – Actionable information?
  • 7. Current Data Sources
       • Public data
         – Vulnerabilities reported to NVD
       • Summarized proprietary data
         – Drive-by-download risk data from a major security vendor
       • Potentially malicious network traffic targeting an enterprise
         – IDS/IPS alert data captured from Georgia Tech networks
  • 8. Overall System Architecture
       Diagram labels: Cyber Risk Relevant Data; Possible Data Sources; Data Warehouse; Dashboard & Decision Support
       • Vulnerabilities and Threat Intelligence: Errors in commonly used software that can be used to compromise personal or corporate systems
       • Malware: Software used to disrupt operations, gather sensitive information, or gain access to private computer systems.
       • Public: National vulnerabilities database (NVD), Secunia, Security Focus, and others
       • Proprietary: Threat intelligence from security organizations; IDS data from security service providers; new vulnerability data from software vendors
       • Research Centers (e.g., Georgia Tech Information Security Center): GTISC uses proprietary systems to identify drive-by downloads (malware) in popular domains. GTISC collects 5 million malware samples every month and identifies command and control domains set up by criminals to issue directives.
       • Data Extractors: Software to interpret data sources and extract data to populate a common database
       • Database: A structured and consolidated view of the public and proprietary cyber security data
       • Visualization and Predictive Analytics: A tool to display cyber security metrics and analysis that is customized to a specific technology profile, industry or region
  • 9. The Why and What
       • What we have
         – Vulnerabilities: Public Vulnerability Data. National vulnerabilities database (NVD), Secunia, Security Focus, and others
         – Malware: GT Information Security Center. GTISC collection of 5 million malware samples every month, as well as command and control (C&C) domains.
       • What we need
         – Vulnerabilities: Threat Intelligence. Emerging threat intelligence from security organizations
         – Vulnerabilities: Alert Data. Intrusion Detection System Data from security service providers like IBM and Dell
         – Vulnerabilities: New Vulnerabilities. New Vulnerability Data from software vendors
         – Malware: Malware samples and C&C Domains. Additional malware samples and C&C domains from security service providers and security vendors to be shared within a trusted group
       • Why we need
         – Vulnerabilities: Predictive Analysis. Expected volume/severity of attacks on a day; expected number of 0 day vulnerabilities on a day
         – Vulnerabilities: Coordinated Response. Sharing of countermeasures / response to threats
         – Malware: More Comprehensive Response. More malware samples and more C&C domains will provide for a more protected environment for everyone
  • 10. Challenge I – Access to Real-world Threat Data
       Data Sources: Partnerships with various organizations to obtain cyber risk relevant data is critical for the success of the project
       Diagram labels:
       • Security Vendors and Service Providers; Consumers of Security Solutions; Software Vendors; Client Companies & Govt. Agencies
       • Dell Secureworks; IBM ISS; Symantec; CERTs; Banks; Microsoft; Oracle; SAP
       • IDS data; Malware samples; C&C domain list; Vulnerabilities; Malware samples; C&C domain list; Vulnerabilities; Countermeasures; Typical profiles; Security Needs; IDS Data
       • Critical partnerships; Supporting partnerships
  • 11. Challenge II – Analytics
       Analytics: While combining data sets provides new opportunities, developing customized tools will depend on the data feeds available
       • Drive-by Download Risk
         – Compromised websites infect user machines just because they visit
         – Serious threats for everyday users
         – Georgia Tech can detect likelihood of such infections
       • Behavior Fingerprints of Malware
         – Rapidly changing malware means we must focus on execution behavior
         – Georgia Tech processes about 250,000 samples each day
         – Malware families and spread
       • What is My Cyber Risk Today?
         – IT profile and security posture
         – Value associated with target
         – Observed malicious activity
         – Mitigation options and ability
       • Predictive Analytics
         – Epidemiological analysis
         – How far can an attack spread? How rapidly can it spread? Are certain sectors under higher risk?
         – “What if” scenarios
         – How would these change with a specific mitigation plan?
  • 12. Challenge III – Threat Visualization for Actionable Information
       Visualization: Aggregating all the data feeds in a meaningful way to provide a cyber threat barometer is difficult.
       • Using Visualization for Navigating Large Amounts of Threat Data
         – Data overload is a serious problem
         – “Flower field” metaphor for presenting big picture
         – Threatened assets can be easily identified for additional analysis
       • From Big Picture to Deeper Insights
         – An abnormal asset visualization points to increased risk
         – Clicking on it can provide details of vulnerabilities, exploits and attack information
         – Better situation awareness and response strategy
  • 13. Example of System Provided Intelligence: Malware Source
  • 16. Potential Benefits
       • Data-driven cyber risk assessment can enhance cyber resilience
         – Modeling attacks: Will we ever have MTTA and MTTR for cyber attacks?
         – Predictive value: early attack warning & proactive response
         – Better intelligence about emerging threats and vulnerabilities
         – More effective human-in-the-loop decision making with analytics and visualization
       • “CERT 2.0”
         – Real-time access to threat information
  • 17. Cyber Threat Weather Reports
       • Public vulnerability data collection and analysis
         – Calendar style visualization shows high level trends and allows drill down for deeper insights
         – Customization for given information technology profile (sector or organization specific)
       • Malware Threat Intelligence
         – Drive-by-download risk by daily analysis of popular websites
       • “Attempted attack” data visualization and time-based trends
       • Others…
  • 18. Conclusions
       • Is data-driven cyber insurance even feasible?
       • Are there objective indicators that can help better inform us?
       • Why will anyone provide data?
         – Incentives?
       • Who should do it?
         – Cyber CDC
         – CERT 2.0