2. Confused on metrics to track, good processes to adopt, and tools to use?
• Identity & Access Management
• Secure SDLC & Application Security
• Endpoint Security
• Vulnerability Management
Always begin with the story.
Key assumptions made:
This presentation is not specific to any industry, so the business processes, metrics and tools shown are generic rather than tailored to a particular situation; most of the processes can be customized to individual industries as needed. A further assumption is that IT controls are already mapped to COBIT, NIST 800-53 or ISO 27001.
4. IAM is a framework of policies, procedures and technologies for ensuring that the appropriate personnel have access to technology resources.
5. Identity and Access Management: process and activities
Provision
• Request access
• Validate request
• Approve access
• Assign and communicate access
Administer
• Plan and strategize
• Manage policies and standards
• Educate and manage systems
• Monitor, audit and reconcile
Enforce
• Authenticate
• Authorize
• Log activities
All of the above operate on the organization's systems and data.
6. WHAT IS TRACKED AND MEASURED IN IDENTITY AND ACCESS MANAGEMENT?
Metrics tracked (each ranked as high, medium or low business impact):
• Average number of distinct accounts (credentials) per user
• Number of unused accounts
• Number of orphaned accounts
• Number of new accounts provisioned
• Number of exceptions per access re-certification cycle
• Password policy effectiveness
• Average time to provision and de-provision a user
• Average time to provide an authorization
• Average time to make changes in identity policies
• Violations of separation of duties
Management perspective: How well do we manage user provisioning without exposing the organization to access risk?
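To make the IAM metrics on this slide concrete, the following is an added example (it is not part of the original deck) that computes four of them from a constructed account inventory: average distinct accounts per user, unused accounts, orphaned accounts, and separation-of-duties violations. The inventory, the HR active list, the 90-day "unused" threshold and the toxic entitlement pair are all assumptions made for the example; in practice the inventory would be pulled from the directory and each application's user store, and the active list from the HR system of record.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

# Constructed sample data (not real). Each record is one credential in some
# system; `owner` is the HR identity it maps to (None if none is recorded),
# `entitlements` are the roles granted through that credential.
TODAY = date(2024, 6, 1)

HR_ACTIVE = {"u100", "u101", "u102"}  # identities currently on payroll (assumed)

ACCOUNTS = [
    {"id": "a1", "system": "erp", "owner": "u100", "last_login": date(2024, 5, 28),
     "entitlements": {"ap_create_vendor"}},
    {"id": "a2", "system": "crm", "owner": "u100", "last_login": date(2024, 5, 20),
     "entitlements": set()},
    {"id": "a3", "system": "erp", "owner": "u101", "last_login": date(2023, 11, 2),
     "entitlements": {"ap_create_vendor", "ap_approve_payment"}},
    {"id": "a4", "system": "vpn", "owner": "u101", "last_login": date(2024, 5, 30),
     "entitlements": set()},
    {"id": "a5", "system": "erp", "owner": "u199", "last_login": date(2024, 1, 15),
     "entitlements": set()},                       # owner has left the company
    {"id": "a6", "system": "crm", "owner": None, "last_login": None,
     "entitlements": set()},                       # no owner on record, never used
    {"id": "a7", "system": "erp", "owner": "u102", "last_login": date(2024, 5, 31),
     "entitlements": {"ap_approve_payment"}},
]

# Assumed separation-of-duties rule: entitlement pairs one person must not hold together.
SOD_RULES = [("ap_create_vendor", "ap_approve_payment")]

UNUSED_AFTER = timedelta(days=90)  # assumed threshold for "unused"


def accounts_per_user(accounts):
    """Average number of distinct credentials per user that owns at least one."""
    per_user = Counter(a["owner"] for a in accounts if a["owner"] is not None)
    return sum(per_user.values()) / len(per_user)


def unused_accounts(accounts, today=TODAY, threshold=UNUSED_AFTER):
    """Credentials with no login within the threshold (or never used at all)."""
    return sorted(a["id"] for a in accounts
                  if a["last_login"] is None or today - a["last_login"] > threshold)


def orphaned_accounts(accounts, active=HR_ACTIVE):
    """Credentials whose owner is missing or no longer an active employee."""
    return sorted(a["id"] for a in accounts if a["owner"] not in active)


def sod_violations(accounts, rules=SOD_RULES):
    """Users who, across all their credentials, hold both halves of a toxic pair."""
    held = defaultdict(set)
    for a in accounts:
        if a["owner"] is not None:
            held[a["owner"]] |= a["entitlements"]
    return sorted((user, rule) for user, ents in held.items()
                  for rule in rules if set(rule) <= ents)


if __name__ == "__main__":
    print("accounts per user:", accounts_per_user(ACCOUNTS))
    print("unused:", unused_accounts(ACCOUNTS))
    print("orphaned:", orphaned_accounts(ACCOUNTS))
    print("SoD violations:", sod_violations(ACCOUNTS))
```

Note that the SoD check aggregates entitlements across every credential a person owns: a user with a clean profile in each individual system can still hold a toxic combination once all systems are viewed together, which is exactly what the re-certification cycle should catch.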
7. COMMON TOOLS USED IN IDENTITY & ACCESS MANAGEMENT (IAM)
IAM Tools On-Premise Cloud
Forefront Identity Manager X X
Microsoft Azure Active Directory X X
Oracle Identity Management X
Okta Identity Management X X
Zoho Vault X X
OneLogin X X
LogMeIn Pro X
Auth0 X
ExcelID X X
ADManager Plus X X
IBM IAM X X
9. Application security encompasses measures taken to improve the security of an application, often by finding, fixing and preventing security vulnerabilities.
A secure SDLC process ensures that security assurance activities such as penetration testing, code review, and architecture analysis are an integral part of the development effort.
10. SECURE SDLC & APPLICATION SECURITY PROCESS
Requirements
• Map security & privacy requirements
Design
• Threat modelling
• Security design review
Development
• Static analysis
• Peer review
Test
• Security test cases
• Dynamic analysis
Deployment
• Final security review
• Application security & monitoring
• Response plan
Web application security rests on people, process and technology:
People
• Training
• Organization
Process
• Risk management
• SDLC
• Guidelines
• Verification
Technology
• Tools
• Development frameworks
11. WHAT IS TRACKED AND MEASURED IN APPLICATION SECURITY?
Metrics tracked (each ranked as high, medium or low business impact):
• Weighted Risk Trend
• Remediation Calculation Window
• Application Testing Coverage
• Mean Time to Respond
• Confirmed exploits
• Confirmed Account Takeovers
Management perspective: Can we rely on the security model of business applications to operate as intended?
Risk is very relative to the industry and to the other controls established within the business.
12. COMMON TOOLS USED IN APPLICATION SECURITY
Application Security tools On-Premise Cloud
Wapiti X X
Zed Attack Proxy X X
Vega X
W3af X X
Skipfish X X
Ratproxy X X
SQLMap X
Wfuzz X
14. Endpoint security (endpoint protection) is an approach to the protection of computer networks that are remotely bridged to client devices.
15. END POINT SECURITY PROCESS
End-point security controls:
• Configuration management
• Anti-malware
• Acceptable use policies
• System monitoring
• Data security
• Application security
• IAM
These are the policies, processes and technology controls used to protect the confidentiality, integrity, and availability of an end point system.
16. What is tracked and Measured in Endpoint Security?
Metrics tracked (each ranked as high, medium or low business impact):
• Level of visibility the solution provides
• Types of threat detected
• Operating systems supported
• File detection
• Security controls
Management perspective: How well do we manage the end points of critical infrastructure such as servers and desktops?
17. Common tools used in End Point Security
End Point Security tools On-Premise Cloud
Bitdefender X X
Carbon Black X X
Code42 X
Check Point X X
Comodo X X
CounterTack X X
RSA X
SentinelOne X
Sophos X X
Symantec X X
Trend Micro X X
19. Vulnerability management is the process surrounding vulnerability scanning, also taking into account other aspects such as risk acceptance, remediation, etc.
21. What is tracked and Measured in Vulnerability Management?
Metrics tracked (each ranked as high, medium or low business impact):
• Mean Time to Detect
• Mean Time to Resolve
• Average Window of Exposure
• Scanner Coverage
• Scan Frequency by Asset Group
• Average Risk by BU / Asset Group
• Number of Exceptions Granted
• Vulnerability Reopen Rate
• % of Systems with no open High / Critical Vulnerability
Management perspective: How well do we manage the exposure of the organization to vulnerabilities by identifying and mitigating known vulnerabilities?
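The following is an added example (not part of the original deck) that computes most of the vulnerability management metrics on this slide from a constructed set of scan findings and an asset inventory; the same Mean Time to Resolve and coverage calculations are the analogues of "Mean Time to Respond" and "Application Testing Coverage" on the application security slide. Everything in it is assumed for illustration: the findings and assets, the convention that the "introduced" date comes from change records, and the severity weights used for Average Risk by Asset Group.

```python
from datetime import date

# Constructed sample findings (not real scanner output). `introduced` is when
# the vulnerable version was deployed (assumed to come from change records),
# `detected` is when the scanner first reported it, `resolved` is None while open.
TODAY = date(2024, 6, 1)

FINDINGS = [
    {"id": "f1", "host": "web-01", "group": "dmz", "severity": "critical",
     "introduced": date(2024, 3, 1), "detected": date(2024, 3, 4),
     "resolved": date(2024, 3, 14), "reopened": False},
    {"id": "f2", "host": "web-01", "group": "dmz", "severity": "high",
     "introduced": date(2024, 4, 10), "detected": date(2024, 4, 12),
     "resolved": None, "reopened": True},          # fixed once, came back, still open
    {"id": "f3", "host": "db-01", "group": "internal", "severity": "medium",
     "introduced": date(2024, 2, 1), "detected": date(2024, 2, 15),
     "resolved": date(2024, 3, 1), "reopened": False},
    {"id": "f4", "host": "app-02", "group": "internal", "severity": "low",
     "introduced": date(2024, 5, 1), "detected": date(2024, 5, 2),
     "resolved": date(2024, 5, 4), "reopened": False},
]

# Constructed asset inventory; `last_scan` None means the scanner never reached it.
ASSETS = [
    {"host": "web-01", "group": "dmz", "last_scan": date(2024, 5, 30)},
    {"host": "db-01", "group": "internal", "last_scan": date(2024, 5, 29)},
    {"host": "app-02", "group": "internal", "last_scan": date(2024, 5, 28)},
    {"host": "jump-01", "group": "internal", "last_scan": None},
]

# Assumed severity weights for the risk-by-group metric.
RISK_WEIGHTS = {"critical": 10, "high": 7, "medium": 4, "low": 1}


def days(start, end):
    return (end - start).days


def mean_time_to_detect(findings):
    """Average days from introduction to first detection, over all findings."""
    return sum(days(f["introduced"], f["detected"]) for f in findings) / len(findings)


def mean_time_to_resolve(findings):
    """Average days from detection to fix, over resolved findings only."""
    closed = [f for f in findings if f["resolved"] is not None]
    return sum(days(f["detected"], f["resolved"]) for f in closed) / len(closed)


def average_window_of_exposure(findings, today=TODAY):
    """Average days a finding was live: introduction to fix, or to today if still open."""
    return sum(days(f["introduced"], f["resolved"] or today) for f in findings) / len(findings)


def scanner_coverage(assets):
    """Fraction of inventoried assets the scanner has ever assessed."""
    return sum(1 for a in assets if a["last_scan"] is not None) / len(assets)


def reopen_rate(findings):
    """Fraction of findings that were closed and later reappeared."""
    return sum(1 for f in findings if f["reopened"]) / len(findings)


def pct_systems_clean(findings, assets):
    """Percentage of assets with no open high or critical finding."""
    dirty = {f["host"] for f in findings
             if f["resolved"] is None and f["severity"] in ("high", "critical")}
    return 100 * (1 - len(dirty) / len(assets))


def average_risk_by_group(findings, assets, weights=RISK_WEIGHTS):
    """Weighted open-finding score per asset, for each asset group."""
    result = {}
    for group in sorted({a["group"] for a in assets}):
        n_assets = sum(1 for a in assets if a["group"] == group)
        score = sum(weights[f["severity"]] for f in findings
                    if f["group"] == group and f["resolved"] is None)
        result[group] = score / n_assets
    return result


if __name__ == "__main__":
    print("MTTD days:", mean_time_to_detect(FINDINGS))
    print("MTTR days:", mean_time_to_resolve(FINDINGS))
    print("avg exposure days:", average_window_of_exposure(FINDINGS))
    print("scanner coverage:", scanner_coverage(ASSETS))
    print("reopen rate:", reopen_rate(FINDINGS))
    print("% systems clean:", pct_systems_clean(FINDINGS, ASSETS))
    print("risk by group:", average_risk_by_group(FINDINGS, ASSETS))
```

Two design points matter for reading these numbers. Window of exposure counts still-open findings up to today, so it keeps growing while Mean Time to Resolve, which only looks at closed findings, can look flattering when the oldest problems never get closed; report both. Scanner coverage is measured against the asset inventory rather than the scanner's own target list, since an unscanned host is invisible to every other metric on the slide.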
22. COMMON TOOLS USED IN VULNERABILITY MANAGEMENT
Vulnerability Management tools On-Premise Cloud
Comodo HackerProof X X
OpenVAS X X
Nexpose Community X
Nikto X X
Tripwire IP360 X X
Wireshark X X
Aircrack X
Nessus Professional X
Retina CS Community X X
Microsoft Baseline Security Analyzer (MBSA) X X
AlienVault USM Anywhere X