Data Driven Cybersecurity Governance
Douglas Gray, CISSP, CISO
1.
Data-Driven Cybersecurity Governance
Douglas Gray
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
© 2015 Carnegie Mellon University
Distribution Statement A: Approved for Public Release; Distribution is Unlimited
2.
Data Driven Cybersecurity Governance, Dec. 18 2015
© 2015 Carnegie Mellon University
Distribution Statement A: Approved for Public Release; Distribution is Unlimited

Copyright 2015 Carnegie Mellon University

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

[Distribution Statement A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.

This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

CERT® and OCTAVE® are registered marks of Carnegie Mellon University.

DM-0003094
3.
Data-Driven Cybersecurity Governance
Introduction
4.
Who We Are (Introduction)
• The Software Engineering Institute (SEI) is a U.S.-owned not-for-profit federally funded research and development center (FFRDC) operated by Carnegie Mellon University to focus on software and cybersecurity.
• The CERT Division of the SEI is a trusted provider of operationally relevant cybersecurity research and innovative and timely solutions to our nation's cybersecurity challenges.
• The CERT Division developed and maintains the CERT Resilience Management Model (CERT-RMM) and OCTAVE Allegro Methodology.
We work with the following organizations:
• Carnegie Mellon University
• Discover Financial
• Highlands Union Bank
• Lockheed Martin Corporation
• Marshall & Ilsley Corporation
• PNC Corporation
• Pacific Gas and Electric
• University of Pittsburgh Medical Center
• U.S. Dept. of Defense
• U.S. Dept. of Energy
• U.S. Dept. of Homeland Security
• U.S. Dept. of Health & Human Services
• U.S. Environmental Protection Agency
• U.S. National Security Agency
• U.S. Postal Inspection Service
• USBank
5.
Purpose (Introduction)
To discuss a process to integrate data analytics into operational cybersecurity governance decision making and execution in a way that
• frames the problem quickly and accurately and that enables a fast, effective Observe, Orient, Decide, Act Loop
• facilitates better data collection and synthesis, quantitative and qualitative analysis, and visualization
• enables practical and repeatable analytical battle drills and TTPs for leaders and enablers at all echelons
6.
Improving People and Process (Introduction)
W. Edwards Deming’s thoughts | What it means to us
“If you do not know how to ask the right question, you discover nothing.” | We must have a reason to analyze data
“If you don't understand how to run an efficient operation, new machinery will just give you new problems of operation and maintenance. The sure way to increase productivity is to better administrate man and machine.” | We can’t “tool” our way out of cybersecurity challenges
“People with targets and jobs dependent upon meeting them will probably meet the targets - even if they have to destroy the enterprise to do it.” | Compliance is the beginning, not the end
“Whenever there is fear, you will get wrong figures.” | The use of data analytics must be productive in the aggregate, punitive as the exception
Technology is useless without effective processes and trained people
7.
Governance vs. Operations (Introduction)
 | Operations | Governance
Scope | Individual networks, systems, users, organizations | Multiple networks, systems, user bases, organizations
Timescale | Immediate to 6 months | 3 to 36 months*
Level of Abstraction | Transactional | Trends, aggregations
Management Impact | Direct interaction | Context setting
*Although maximum technology-related decision making is limited to approximately three years due to rate of technological change, military organizations must program their expected budget needs five years in advance.
8.
Governance vs. Operations (Introduction)
Operations
• Weather – “It will snow.”
• Tactical Cyber – “CVE 2015-xx-xxxx is prevalent and is being compromised.”
Governance
• Climate – “Drought in the southwest limits irrigation.”
• Strategic/Operational Cyber – “FedRAMP usage improves asset management.”
9.
Why Focus on Governance (Introduction)
Threat Actor Actions¹: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on the Objective
Friendly Actions²: Know, Prevent, Detect, Respond, Recover
• Harden People, Information, Information, Technology, Facilities
• Create Faster, More Accurate TTPs, Battle Drills
Effective preparation creates the context for effective response
Source: ¹Lockheed Martin Kill Chain; ²NIST Cybersecurity Framework
10.
Leveraging Situational Awareness to Enable Cyber Mission Command (Introduction)
Observe, Orient, Decide, Act
• mutual trust
• shared understanding
• clear leadership intent
• disciplined initiative
• mission-oriented directives
• prudent risk management
11.
Data-Driven Cybersecurity Governance
Observe
12.
Facets of Cybersecurity Governance (Observe)
13.
Data Fusion (Observe)
Data Fusion Activities
Automated vulnerability sensor information
• Hardware & Software
• Behavioral Observables (Insider Threat)
Threat Information
• Threat Actor Analysis
• Prevailing Attack Patterns
Management Information
• Budget Information
• Demographic Information
• Legal & Administrative Investigation Statuses
• Mission Impact Analysis
Qualitative Assessment
• Inspections/Assessments
• Professional Sentiments Analysis
Orient
Unstructured Data, Machine Learning, Text Analysis, Trend Analysis, Correlation
14.
Data-Driven Cybersecurity Governance: Orient
15.
Decision Science vs. Dashboard (Orient)
Dashboard: “It’s going to snow.”
Decision Science: “It’s going to snow. Wear galoshes, gloves, scarf, winter coat.”
16.
Developing Situational Awareness (Orient)
• Level 1: Perception of the elements in the environment
• Level 2: Comprehension of the current situation
• Level 3: Projection of future status
Source: Endsley, M. & Jones, D. Designing for Situation Awareness: An Approach to User-Centered Design (2nd ed.). CRC Press. 2012.
17.
Decomposing the Situation to Develop Situational Awareness (Orient)
Situational Awareness
Voice of the Environment: Socio-Political; Legal and Policy; Technological; Business; Physical
Voice of the Organization: Voice of the Mission; Voice of the Service; Strategic Objectives and Supporting Services; Organizational Culture; Organizational Assets; External Dependencies
Voice of the Threat Actor: Describe Threat Actor; Develop Threat Actor Use Cases
Indices; Probabilistic Models; Game Theory; Expert Opinion
18.
Build and Update Targeted Metrics (Orient)
Requirements
• Identify requirements from mandates, doctrine, strategy
• Group requirements into categories
Goals
• Develop one or more goals for each category
Question
• Develop one or more questions that, if answered, help determine if the goal is met
Indicators
• Identify the information requirements to answer the question
Metrics
• Identify the metrics that will measure the indicator to answer the question
Use new metrics to mature current metrics
What do we want to know? Why do we want to know it? What will we do once we know it?
Build and add to a metrics library.
19.
Authoritative vs. Non-Authoritative Data (Orient)
Authoritative Data
• Based on their ability to stand alone as a source for one or more facets of cybersecurity governance
• Population
• Comprehensiveness
• Poor data quality does not make a source not authoritative; it means the quality problems should be fixed
Non-Authoritative Data
• Source does not cover enough of the population or not comprehensive enough to be authoritative
• Can speak to confidence level of an authoritative data source
• Examples: reviews, assessments, inspections, surveys.
20.
Using Behavioral Models to Target Stakeholder Need (Orient)
Executives:
• Elected leaders, appointees, GOs, FOs, SESs
• Target data with eye toward organizational mission and constituents
Middle Management:
• Staff officers, analysts
• Target data with eye toward routines, procedures information
Results of data analysis must be impactful to the recipient. Frame products according to organizational behavioral models.
Source: Allison, G. T., & Zelikow, P. (1999). Essence of Decision: Explaining the Cuban Missile Crisis (2nd ed.) (Kindle Edition). New York: Longman.
21.
Data-Driven Cybersecurity Governance: Decide
22.
Key Planning and Decision-Making Factors (Decide)
• Determine confidence level in assessed data
  • Low – analyze through subsequent OODA loop
  • Medium to High – develop action plan to effect change
• Identify and prioritize governance-level risks; identify metric-supported thresholds of acceptability and unacceptability
• Support solutions. Go beyond “name and shame.” Use metrics to identify key trends and corrective governance-level actions
• Tie metrics to a resulting set of possible risk management outcomes
• Identify enablers such as SMEs, funding, contract vehicles
• Identify organizations that exceed expectations in certain areas and their lessons learned
• Identify what expected changes in metric values should be and how to avoid bias/gaming
• Prioritize and identify metric thresholds where costs will exceed benefits
23.
Data-Driven Cybersecurity Governance: Act
24.
Leveraging Enablers to Achieve Desired Effects (Act)
25.
Success at the Point of Execution (Act)
• Leverage enablers at the proper organizational level; avoid the “3,000-mile screwdriver”
• Governance sets the direction through governance facets. Operations executes through disciplined project management
• Avoid numerous, rapid changes that cause enterprise turbulence
• Tie actions to expected outcomes and expected timeframes; socialize and communicate expectations
• Set decision points to check progress against expectations
• Build knowledge base to make for faster and more effective OODA loop
26.
Data-Driven Cybersecurity Governance: Implementation
27.
Building a Cybersecurity Knowledge Base (Implementation)
Identify success stories
• Lessons Learned
• Tie to data analysis
Identify cautionary tales
• Lessons Learned
• Tie to data analysis
Track event-driven events
• Identify trends that respond to events
• Resourcing, technology, incidents
28.
How to Implement (Implementation)
Observe
• Inventory on-hand data
• Inventory metrics
• Develop data fusion capabilities
Orient
• Refine metrics based on constraints and mandates
• Define stakeholders based on behavioral models
• Develop quantitative and qualitative analysis engines
• Develop visualization capabilities
Decide
• Inventory enablers and their capabilities
• Identify desired outcomes for metrics (i.e., thresholds)
• Develop decision support TTPs
• Develop decision-support systems
Act
• Develop knowledge base
• Simulate and practice new decision-making TTPs
• Develop and refine process control mechanisms
• Develop, refine and leverage communications channels
29.
Outcomes of Data Driven Governance (Implementation)
• Faster, more accurate decision making
• Better use of resources
• Better enterprise cohesion and synchronization
• Data-driven outcomes
• Improved information sharing
• Adaptable to change
Observe, Orient, Decide, Act
30.
Data-Driven Cybersecurity Governance: Questions
Editor's Notes
12/21/2015