Information Security and Risk Management
Draft version
WWW.IRP-MANAGEMENT.COM
page: 1 Date: 1/27/2017
Information Security and Risk Management
Hans Oosterling
July 2016
CIA Triad
How to determine the control/protection level?
• Confidentiality
– Access control
– Encryption (data at rest, e.g. databases, and data in transit, i.e. on the network)
• Integrity
– Data
– Systems
– Process
• Availability
– Redundancy
– Roll-back
– Fail-over
– Back-up
CIA Rating
How to determine the control/protection level?
• Integrity levels
– Ensure that the data, system and process act as intended, without unintended changes (integrity is the opposite of corrupted or incorrect functioning)
– Challenges are software bugs, design flaws and human errors
• Availability levels, based on
– MOT (maximum outage time, in hours)
– RTO (recovery time objective: the time to get IT systems back to their operational performance level, excluding decision time, process recovery etc.)
– RPO (recovery point objective: the data loss after an incident occurs)
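As an added example (not part of the original slides), the following Python code models the relation between MOT, RTO and RPO as defined above and checks a disaster-recovery design against an availability rating. The objective and design values are constructed, and the class and function names are my own; the point it makes is that a restore procedure can meet the RTO while the business still exceeds its maximum outage time.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AvailabilityObjective:
    """Availability rating of one system, all values in hours (constructed example)."""
    mot_hours: float  # maximum outage time the business can tolerate
    rto_hours: float  # time to get IT systems back to operational performance level
    rpo_hours: float  # data loss tolerated, measured back from the moment of the incident


@dataclass(frozen=True)
class RecoveryDesign:
    """What the current disaster-recovery set-up actually delivers (constructed example)."""
    backup_interval_hours: float   # time between two consecutive consistent back-ups
    restore_hours: float           # measured duration of the technical restore
    decision_hours: float          # time to detect, escalate and declare the disaster
    process_recovery_hours: float  # business catch-up after IT is operational again


def evaluate(objective: AvailabilityObjective, design: RecoveryDesign) -> dict:
    """Check the design against each availability criterion.

    Returns {criterion: (met, achieved_hours, required_hours)}.
    - RPO: with batch back-ups the worst-case data loss is a whole interval,
      because the incident may strike just before the next back-up runs.
    - RTO: only the technical restore counts; decision time and process
      recovery are excluded by the slide's definition.
    - MOT: the business experiences the whole outage, so decision time,
      restore and process recovery together must fit in the maximum outage time.
    """
    worst_case_data_loss = design.backup_interval_hours
    total_outage = (design.decision_hours + design.restore_hours
                    + design.process_recovery_hours)
    return {
        "RPO": (worst_case_data_loss <= objective.rpo_hours,
                worst_case_data_loss, objective.rpo_hours),
        "RTO": (design.restore_hours <= objective.rto_hours,
                design.restore_hours, objective.rto_hours),
        "MOT": (total_outage <= objective.mot_hours,
                total_outage, objective.mot_hours),
    }


def gaps(objective: AvailabilityObjective, design: RecoveryDesign) -> list:
    """Names of the criteria the design fails, sorted for stable output."""
    return sorted(name for name, (met, _, _) in evaluate(objective, design).items()
                  if not met)


# Constructed sample: a system rated for at most 8h outage, 4h RTO and 1h RPO,
# protected by a nightly batch back-up and a 3h restore procedure.
SAMPLE_OBJECTIVE = AvailabilityObjective(mot_hours=8, rto_hours=4, rpo_hours=1)
SAMPLE_DESIGN = RecoveryDesign(backup_interval_hours=24, restore_hours=3,
                               decision_hours=2, process_recovery_hours=4)

if __name__ == "__main__":
    for name, (met, achieved, required) in evaluate(SAMPLE_OBJECTIVE, SAMPLE_DESIGN).items():
        status = "OK " if met else "GAP"
        print(f"{status} {name}: achieved {achieved}h, required <= {required}h")
    # The restore itself meets the RTO, yet the business still sees a 9h outage
    # (MOT gap), and a nightly back-up cannot satisfy a 1h RPO.
```

Running the sample reports the RTO as met and both MOT and RPO as gaps: closing them means shortening decision time and process recovery (an organisational measure, not a faster restore) and moving from batch back-ups to a higher recovery stage such as electronic vaulting or point-in-time copies.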
CIA Rate Determination: Confidentiality
A specific set of questions per criterion
CIA Rate Determination: Integrity
A specific set of questions per criterion
CIA Rate Determination: Availability
A specific set of questions per criterion
Countermeasures / Controls
Examples (1)
• C3: access control with multi-factor authentication
• C2: access logged and traceable
• I3: every release must be regression tested
• I4: software inspection for malicious components
• A4: hot fail-over and mirroring
• I2: database logging
• C4: account checking and 4-eyes principle on the account creation process
• C4: (suspicious) event monitoring
• A3: roll-back mechanism in place
Countermeasures / Controls
Examples (2)
• xx3 applications: tracking of the change process
• xx2: production support logged and traceable
• xx3: if outsourced, an external audit (SAS70) is performed twice a year
• C4: background check once a year for people with access rights
• A4: actual recovery test twice a year
• Measures and controls:
– Proof of design
– Proof of operational effectiveness
– Integrated approach: people, process and IT
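The two "Examples" slides use a compact notation: a CIA dimension letter (C, I, A) or the wildcard "xx" followed by the rating level from which the control is mandatory. As an added example (my own code, not from the slides), the Python below parses that notation, selects the controls an asset's CIA rating requires, and lists the ones not yet implemented. The catalogue entries are taken from the slides; the asset rating and the set of implemented controls are constructed.

```python
import re

# Control catalogue in the slides' notation: dimension (C, I, A or the
# wildcard "xx" meaning any dimension) followed by the minimum rating level.
CONTROL_CATALOGUE = [
    ("C3", "access control with multi-factor authentication"),
    ("C2", "access logged and traceable"),
    ("I3", "every release must be regression tested"),
    ("I4", "software inspection for malicious components"),
    ("A4", "hot fail-over and mirroring"),
    ("I2", "database logging"),
    ("C4", "account checking and 4-eyes on account creation"),
    ("C4", "(suspicious) event monitoring"),
    ("A3", "roll-back mechanism in place"),
    ("xx3", "tracking of the change process"),
    ("xx2", "production support logged and traceable"),
    ("xx3", "external audit twice a year if outsourced (SAS70)"),
    ("C4", "yearly background check for people with access rights"),
    ("A4", "actual recovery test twice a year"),
]

TAG_PATTERN = re.compile(r"^(C|I|A|xx)([0-9])$")


def parse_tag(tag: str) -> tuple:
    """Split 'C3' into ('C', 3) and 'xx2' into ('xx', 2); reject anything else."""
    match = TAG_PATTERN.match(tag)
    if match is None:
        raise ValueError(f"malformed control tag: {tag!r}")
    return match.group(1), int(match.group(2))


def control_applies(tag: str, rating: dict) -> bool:
    """A control applies when the asset's rating in the tag's dimension reaches
    the tag's level; an 'xx' control applies when any dimension reaches it."""
    dimension, level = parse_tag(tag)
    if dimension == "xx":
        return max(rating.values()) >= level
    return rating[dimension] >= level


def required_controls(rating: dict, catalogue=CONTROL_CATALOGUE) -> list:
    """(tag, description) pairs that are mandatory for an asset with this CIA rating."""
    for dimension in ("C", "I", "A"):
        if dimension not in rating:
            raise ValueError(f"rating is missing dimension {dimension}")
    return [(tag, text) for tag, text in catalogue if control_applies(tag, rating)]


def missing_controls(rating: dict, implemented: set, catalogue=CONTROL_CATALOGUE) -> list:
    """Required controls not yet in place: the gap list handed to the asset owner."""
    return [(tag, text) for tag, text in required_controls(rating, catalogue)
            if text not in implemented]


# Constructed sample: a customer database rated C3 / I2 / A4 with three controls in place.
SAMPLE_RATING = {"C": 3, "I": 2, "A": 4}
SAMPLE_IMPLEMENTED = {
    "access logged and traceable",
    "database logging",
    "roll-back mechanism in place",
}

if __name__ == "__main__":
    for tag, text in missing_controls(SAMPLE_RATING, SAMPLE_IMPLEMENTED):
        print(f"{tag}: {text}")
```

For the sample rating the C4 and I3/I4 controls drop out (the asset is only rated C3 and I2), while every A-level and wildcard control applies because the availability rating of 4 is the highest dimension; the printed gap list is what the "proof of design" step on this slide has to evidence before operational effectiveness can be tested.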
Risk Assessment (2)
• Qualitative risk matrix: likelihood versus consequences (= impact)
Values are business or industry specific
Risk Assessment (3)
• Total risk is the full risk amount before a control is put in place
• Residual risk is the risk remaining after implementing the control
Threats × Vulnerability × Asset Value = Total Risk
Total Risk - Countermeasures = Residual Risk
Asset Value × Exposure Factor = SLE (Single Loss Expectancy)
SLE × Annualized Rate of Occurrence (ARO) = ALE (Annual Loss Expectancy)
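As an added example covering both risk-assessment slides (it is my own code, not from the deck), the Python below implements the qualitative likelihood-times-impact matrix and the quantitative SLE/ALE formulas, and uses the ALE before and after a countermeasure to put a yearly value on the residual risk reduction. The five-point scales and the asset, exposure and rate figures are constructed placeholders; as the slide says, real values are business or industry specific.

```python
# Constructed qualitative scales (placeholders; real scales are business specific).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"insignificant": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Risk matrix cell = likelihood score x impact score, bucketed into a rating."""
    score = LIKELIHOOD[likelihood] * IMPACT[impact]
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = Asset Value x Exposure Factor; EF is the fraction of the asset lost per incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO; ARO is the expected number of incidents per year."""
    if aro < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return sle * aro


def annual_control_value(asset_value: float, exposure_factor: float,
                         aro_before: float, aro_after: float,
                         annual_control_cost: float,
                         exposure_factor_after: float = None) -> float:
    """Yearly value of a countermeasure = ALE before - ALE after - yearly cost.

    The ALE after the control is the quantitative form of the residual risk.
    A control may lower the ARO (fewer incidents), the EF (smaller loss per
    incident) or both; a negative result means the control costs more than
    the risk it removes.
    """
    ef_after = exposure_factor if exposure_factor_after is None else exposure_factor_after
    ale_before = annual_loss_expectancy(
        single_loss_expectancy(asset_value, exposure_factor), aro_before)
    ale_after = annual_loss_expectancy(
        single_loss_expectancy(asset_value, ef_after), aro_after)
    return ale_before - ale_after - annual_control_cost


if __name__ == "__main__":
    # Constructed sample: a 500,000 asset, 40% of which is lost per incident,
    # with an incident expected once every ten years.
    sle = single_loss_expectancy(500_000, 0.40)      # 200,000 per incident
    ale = annual_loss_expectancy(sle, 0.1)           # 20,000 per year (total risk)
    # A control costing 10,000 a year that brings the ARO down to once in fifty years.
    value = annual_control_value(500_000, 0.40, 0.1, 0.02, 10_000)
    print(f"SLE={sle:,.0f} ALE={ale:,.0f} control value={value:,.0f} per year")
    print("qualitative:", qualitative_rating("likely", "major"))
```

In the sample the control leaves a residual ALE of 4,000 and is worth 6,000 a year after its own cost; raising the cost above 16,000 would turn the value negative, which is the quantitative way of deciding between mitigating and accepting a risk.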
Information Security Framework (1)
• British Standard 7799 (BS7799)
• ISO 27000 series
– Outline control objectives
– Security measures to meet these control objectives (Deming cycle: Plan, Do, Check, Act)
Information Security Framework (2)
• It is important to set up an integrated security program covering a wide range of topics (IEC/ISO 27002):
– Information security policy (mapped to business objectives, management support etc.)
– Creation of an information security infrastructure (organisation, roles, responsibilities, reviews)
– Personnel security (employment life-cycle)
– Asset classification
– Access control (RBAC, authentication methods, monitoring etc.)
– Encryption
– Physical and environmental security (restricted areas, locked server room etc.)
– Operations management (incident handling, change control, communications etc.)
– Communications security (network, information transfer)
– System acquisition and maintenance (implement security measures throughout the system lifecycle, cryptography, integrity protection, SW vendor auditing etc.)
– Supplier relationships
– Information security incident management
– Business continuity (counter disruptive incidents)
– Compliance (comply with regulatory, statutory and contractual requirements)
IT Audit of External Service Providers
• SAS70
• Succeeded by ISAE 3402
• Topics in scope:
– Service level management
– Configuration management
– Change management
– Incident management
– Problem management
– Security
– Availability
Privacy (1)
• “Right to be let alone”
– Physical privacy: maintaining one's own physical space or solitude
– Information privacy: the ability of a person to control, edit, manage and delete information about themselves, and to decide how and to what extent such information is communicated to others
• Privacy risks: information that is
– Inaccurate, insufficient or out of date
– Excessive or irrelevant
– Kept for too long
– Inappropriately used
– Not kept securely
Privacy (2)
• Privacy Impact Analysis (PIA)
– For new ICT projects, or alongside the IT development process
– Also applied to existing information flows
– PIA steps to be taken:
1. Identify the need for a PIA
2. Describe the information flows in scope
3. Identify the privacy and related risks (corporate reputational risk etc.)
4. Identify and evaluate privacy solutions
5. Sign off and record the outcome of the PIA
6. Integrate the outcome back into the project or IT developments
• Acceptance versus mitigation of privacy risks
• Regulations on disclosing and mandatory reporting of data leaks
Availability: Disaster Recovery Levels
• Data centre recovery stages
0. No off-site data (possibly no recovery)
1. Data back-up (physical transport to secondary site), no applications at the secondary site
2. Data back-up (physical transport to secondary site), applications available at the secondary site (hot site)
3. Electronic vaulting (back-up data sent over the network in batches, probably at midnight)
4. Point-in-time copies (real-time back-ups)
5. Transaction integrity
6. Zero (or near zero) data loss
7. Highly automated, business-integrated solution
• Data recovery testing levels
0. No testing
1. Desk testing (paper based)
2. Simulation test in an isolated environment
3. Exercise without production data
4. Light production exercise with production data (outside business hours)
5. Full production exercise on a single platform (during business hours)
6. Full production exercise on multiple platforms
7. Data centre down scenario
Availability: Disaster Recovery Testing
(Diagram: primary site and secondary site; incident, recovery, way back)
• Data recovery
o Transactional
o Referential (static data)
o Keep integrity and consistency
• Business continuity
o Process, people and IT
o Security measures
• Proof of design
• Proof of operational effectiveness
Baseline Informatiebeveiliging Rijksoverheid (BIR) (1)
• Taking into account Dutch law and regulations
– Wet Bescherming Persoonsgegevens (WBP)
– Wet Particuliere Beveiligingsorganisaties en Recherchebureaus (WBPR)
– Wet Veiligheidsonderzoeken (WVO)
– Wet Politiegegevens (WPG)
– Ambtenarenwet
– Voorschrift Informatiebeveiliging Rijksdienst (VIR 2007)
– Voorschrift Informatiebeveiliging Rijksdienst – Bijzondere informatie (VIRBI 2012)
– Beveiligingsvoorschrift 2005 (BVR)
– Algemeen Rijksambtenarenreglement (ARAR)
– Uitgangspunten online communicatie rijksambtenaren
– Programma van Eisen PKI Overheid
– Code voor Informatiebeveiliging
– Telecommunication Infrastructure Standard for Data Centers (TIA-942)
Baseline Informatiebeveiliging Rijksoverheid (BIR) (2)
• Based on IEC/ISO 27002
– Principles and policies
– Structure and organisation
– Asset management
– HR and personnel
– Physical and environmental security
– Operations security
– Access control
– Acquisition
– Encryption
– Security incident and event management
– Continuity
– Compliance

Mais conteúdo relacionado

Mais procurados

20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)Peter GEELEN ✔
 
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) ArkhipovaOWASP Russia
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinAnton Chuvakin
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
 
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowPECB
 
How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171Corserva
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log managementBrian Honan
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsOWASP Delhi
 
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...PECB
 
LTS Secure SIEM Features
LTS Secure SIEM Features LTS Secure SIEM Features
LTS Secure SIEM Features rver21
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Jay Steidle
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015n|u - The Open Security Community
 
Implementing and Running SIEM: Approaches and Lessons
Implementing  and Running SIEM: Approaches and LessonsImplementing  and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsAnton Chuvakin
 
SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 Andris Soroka
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
MISTI Infosec 2010- SIEM Implementation
MISTI Infosec 2010- SIEM ImplementationMISTI Infosec 2010- SIEM Implementation
MISTI Infosec 2010- SIEM ImplementationMichael Nickle
 

Mais procurados (20)

20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)
 
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
[2.3] Large enterprise SIEM: get ready for oversize - Svetlana (Mona) Arkhipova
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...
 
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to know
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
 
How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log management
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
 
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi...
 
LTS Secure SIEM Features
LTS Secure SIEM Features LTS Secure SIEM Features
LTS Secure SIEM Features
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015
 
Implementing and Running SIEM: Approaches and Lessons
Implementing  and Running SIEM: Approaches and LessonsImplementing  and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
 
SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011
 
Wc4
Wc4Wc4
Wc4
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
MISTI Infosec 2010- SIEM Implementation
MISTI Infosec 2010- SIEM ImplementationMISTI Infosec 2010- SIEM Implementation
MISTI Infosec 2010- SIEM Implementation
 

Destaque

Microsoft Power Point Information Security And Risk Managementv2
Microsoft Power Point   Information Security And Risk Managementv2Microsoft Power Point   Information Security And Risk Managementv2
Microsoft Power Point Information Security And Risk Managementv2Graeme Payne
 
Information Security Life Cycle
Information Security Life CycleInformation Security Life Cycle
Information Security Life Cyclevulsec123
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk MgmtAlfred Ouyang
 

Destaque (6)

Microsoft Power Point Information Security And Risk Managementv2
Microsoft Power Point   Information Security And Risk Managementv2Microsoft Power Point   Information Security And Risk Managementv2
Microsoft Power Point Information Security And Risk Managementv2
 
Information Security Life Cycle
Information Security Life CycleInformation Security Life Cycle
Information Security Life Cycle
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Bcm 50 system overview
Bcm 50 system overviewBcm 50 system overview
Bcm 50 system overview
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLC
 

Semelhante a InfoSEC10062016Vlinkedin

Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteSplunk
 
CONTEXTUAL ARCHITECTURE.pptx
CONTEXTUAL ARCHITECTURE.pptxCONTEXTUAL ARCHITECTURE.pptx
CONTEXTUAL ARCHITECTURE.pptxPandiya Rajan
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016Tomppa Järvinen
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 Englishguest5bd7a1
 
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsxIntroduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsxMardhaniAR
 
SCADA and HMI Security in InduSoft Web Studio
SCADA and HMI Security in InduSoft Web StudioSCADA and HMI Security in InduSoft Web Studio
SCADA and HMI Security in InduSoft Web StudioAVEVA
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfBabyBoy55
 
UNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - GuasconiUNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - GuasconiBL4CKSWAN Srl
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Time to re think our security process
Time to re think our security processTime to re think our security process
Time to re think our security processUlf Mattsson
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpointrandalje86
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesCamilo Fandiño Gómez
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017Joseph John
 
Vijay Amarnath - Updated
Vijay Amarnath - UpdatedVijay Amarnath - Updated
Vijay Amarnath - UpdatedVijay Amarnath
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman  - Open information security management maturity modelSudarsan Jayaraman  - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelnooralmousa
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
 
Training Information Asset Owners
Training Information Asset OwnersTraining Information Asset Owners
Training Information Asset OwnersTommy Vandepitte
 

Semelhante a InfoSEC10062016Vlinkedin (20)

Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
CONTEXTUAL ARCHITECTURE.pptx
CONTEXTUAL ARCHITECTURE.pptxCONTEXTUAL ARCHITECTURE.pptx
CONTEXTUAL ARCHITECTURE.pptx
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 English
 
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsxIntroduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
 
SCADA and HMI Security in InduSoft Web Studio
SCADA and HMI Security in InduSoft Web StudioSCADA and HMI Security in InduSoft Web Studio
SCADA and HMI Security in InduSoft Web Studio
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdf
 
UNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - GuasconiUNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - Guasconi
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Time to re think our security process
Time to re think our security processTime to re think our security process
Time to re think our security process
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpoint
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017
 
Vijay Amarnath - Updated
Vijay Amarnath - UpdatedVijay Amarnath - Updated
Vijay Amarnath - Updated
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman  - Open information security management maturity modelSudarsan Jayaraman  - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity model
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
 
Training Information Asset Owners
Training Information Asset OwnersTraining Information Asset Owners
Training Information Asset Owners
 

Mais de Hans Oosterling

Network Security and Risk Management
Network Security and Risk ManagementNetwork Security and Risk Management
Network Security and Risk ManagementHans Oosterling
 
CyberSecurity24012017Vlinkedin
CyberSecurity24012017VlinkedinCyberSecurity24012017Vlinkedin
CyberSecurity24012017VlinkedinHans Oosterling
 
Transforming into Agile IT organisation
Transforming into Agile IT organisationTransforming into Agile IT organisation
Transforming into Agile IT organisationHans Oosterling
 
AgileImplementation10122014V1
AgileImplementation10122014V1AgileImplementation10122014V1
AgileImplementation10122014V1Hans Oosterling
 

Mais de Hans Oosterling (6)

Network Security and Risk Management
Network Security and Risk ManagementNetwork Security and Risk Management
Network Security and Risk Management
 
CyberSecurity24012017Vlinkedin
CyberSecurity24012017VlinkedinCyberSecurity24012017Vlinkedin
CyberSecurity24012017Vlinkedin
 
KICK START AGILE/SCRUM
KICK START AGILE/SCRUMKICK START AGILE/SCRUM
KICK START AGILE/SCRUM
 
DevOpsteamsJune2016
DevOpsteamsJune2016DevOpsteamsJune2016
DevOpsteamsJune2016
 
Transforming into Agile IT organisation
Transforming into Agile IT organisationTransforming into Agile IT organisation
Transforming into Agile IT organisation
 
AgileImplementation10122014V1
AgileImplementation10122014V1AgileImplementation10122014V1
AgileImplementation10122014V1
 

InfoSEC10062016Vlinkedin

  • 1. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: 1 Date: 1/27/2017 Information Security And Risk Management Hans Oosterling July 2016
  • 2. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 CIA Triad How to determine Control/protection level?  Confidentiality – Access Control – Encryption (data at rest (databases) and in transition (network)  Integrity – Data – Systems – Process  Availability – Redundancy – Roll back – Fail-over – Back-up
  • 3. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 CIA Rating How to determine Control/protection level?  Integrity levels – Ensure that the Data, System and Process acts as intended without unintentional changes (integrity is the opposite of corrupted or incorrect functioning) – Challenges are software bugs, design flaws, human errors  Availability levels based on – MOT (maximum outage time in hours) – RTO (recovery time objective: getting IT systems back at operational performance level, excluding decision time, process recovery etc) – RPO (recovery point objective: data loss after incident occurs)
  • 4. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 CIA Rate Determination: Confidentiality Per criteria specific set of Questions
  • 5. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 CIA Rate Determination: Integrity Per criteria specific set of Questions
  • 6. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 CIA Rate Determination: Availability Per criteria specific set of Questions
  • 7. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 CIA Triad How to determine Control/protection level?  Confidentiality – Access Control – Encryption (data at rest (databases) and in transition (network)  Integrity – Data – Systems – Process  Availability – Redundancy – Roll back – Fail-over – Back-up
  • 8. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 Countermeasures / Controls Examples (1)  C3: access control with multi-factor authentication  C2: access logged and traceable  I3: every release must be regression tested  I4: software inspection on malicious components  A4: hot fail-over and mirroring  I2: database logging  C4: accounts checking and 4eyes on account creation process  C4: (suspicious) event monitoring  A3: roll-back mechanism in place
  • 9. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 Countermeasures / Controls Examples (2)  xx3 applications: tracking on change process  xx2: production support logged and traceable  xx3: if outsourced twice a year external audit performed (SAS70)  C4: people with access rights background check once a year  A4: twice a year actual recovery test  ----------------------  Measures and Controls: – Proof of Design – Proof of Operational Effectiveness – Integrated approach: People, Process and IT
  • 10. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 Risk Assessment (2)  Qualitative Risk Matrix: likelihood versus consequences (=Impact) Values are business or industry specific
  • 11. Information Security and Risk Management Draft version WWW.IRP-MANAGEMENT.COM page: ‹#› Date: 27-1-2017 Risk Assessment (3)  Total Risk is full risk amount before control is put in place  Residual Risk is the risk remaining after implementing control Threats X Vulnerability X Asset Value = Total Risk Total Risk - countermeasures = Residual Risk Asset Value X Exposure Factor = SLE: Single Loss Expectancy SLE X Annualized Rate of Occurrence (ARO) = ALO: Annual Loss Expectancy
Information Security Framework (1)
 British Standard 7799 (BS7799)
 ISO 27000 series
– Outlines control objectives
– Security measures to meet these control objectives
– Continuous improvement follows the Deming cycle: Plan, Do, Check, Act
Information Security Framework (2)
 It is important to set up an integrated security program covering a wide range of topics (ISO/IEC 27002):
– Information Security Policy (mapped to business objectives, management support etc.)
– Creation of an Information Security Infrastructure (organisation, roles, responsibilities, reviews)
– Personnel security (employment life-cycle)
– Asset classification
– Access Control (RBAC, authentication methods, monitoring etc.)
– Encryption
– Physical and environmental security (restricted areas, locked server room etc.)
– Operations management (incident handling, change control, communications etc.)
– Communications Security (network, information transfer)
– System acquisition and maintenance (security measures throughout the system lifecycle, cryptography, integrity protection, software vendor auditing etc.)
– Supplier relationships
– Information security incident management
– Business Continuity (countering disruptive incidents)
– Compliance (with regulatory, statutory and contractual requirements)
IT Audit of External Service Providers
 SAS70
 Succeeded by ISAE 3402
 Topics in scope:
– Service Level Management
– Configuration Management
– Change Management
– Incident Management
– Problem Management
– Security
– Availability
Privacy (1)
 "Right to be let alone"
– Physical privacy: the ability to maintain one's own physical space or solitude
– Information privacy: the ability of a person to control, edit, manage and delete information about themselves and to decide how and to what extent such information is communicated to others
 Privacy risks (personal data that is):
– Inaccurate, insufficient or out of date
– Excessive or irrelevant
– Kept for too long
– Inappropriately used
– Not kept securely
Privacy (2)
 Privacy Impact Assessment (PIA)
– For new ICT projects, or alongside the IT development process
– Also applicable to existing information flows
– PIA steps to be taken:
1. Identify the need for a PIA
2. Describe the information flows in scope
3. Identify the privacy and related risks (corporate reputational risk etc.)
4. Identify and evaluate privacy solutions
5. Sign off and record the outcome of the PIA
6. Integrate the outcome back into the project or IT development
 Acceptance versus privacy risk mitigation
 Regulations on disclosing and mandatory reporting of data leaks
Availability: Disaster Recovery Levels
 Data Centre Recovery Stages
– 0: No off-site data (possibly no recovery)
– 1: Data back-up (physical transport to secondary site), no applications at the secondary site
– 2: Data back-up (physical transport to secondary site), applications available at the secondary site (hot site)
– 3: Electronic vaulting (back-up data sent over the network in batches, typically overnight)
– 4: Point-in-time copies (snapshots taken at frequent intervals; more frequent than batch vaulting, but not real time)
– 5: Transaction integrity
– 6: Zero (or near zero) data loss
– 7: Highly automated, business-integrated solution
 Data Recovery Testing Levels
– 0: No testing
– 1: Desk testing (paper based)
– 2: Simulation test in an isolated environment
– 3: Exercise without production data
– 4: Light production exercise with production data (outside business hours)
– 5: Full production exercise on a single platform (during business hours)
– 6: Full production exercise on multiple platforms
– 7: Data centre down scenario
Availability: Disaster Recovery Testing
Diagram: Primary Site, incident, recovery at the Secondary Site, then the way back (fail-back) to the Primary Site
 Data Recovery
– Transactional
– Referential (static data)
– Keep integrity and consistency
 Business Continuity
– Process, People and IT
– Security measures: Proof of Design, Proof of Operational Effectiveness
Baseline Informatiebeveiliging Rijksoverheid (1) (BIR, the Dutch central government information security baseline)
 Takes into account Dutch law and regulations:
– Wet Bescherming Persoonsgegevens (WBP, Personal Data Protection Act)
– Wet Particuliere Beveiligingsorganisaties en Recherchebureaus (WPBR, Private Security Organisations and Detective Agencies Act)
– Wet Veiligheidsonderzoeken (WVO, Security Screening Act)
– Wet Politiegegevens (WPG, Police Data Act)
– Ambtenarenwet (Civil Servants Act)
– Voorschrift Informatiebeveiliging Rijksdienst (VIR 2007, central government information security regulation)
– Voorschrift Informatiebeveiliging Rijksdienst – Bijzondere Informatie (VIRBI 2012, the same regulation for classified information)
– Beveiligingsvoorschrift 2005 (BVR, security regulation)
– Algemeen Rijksambtenarenreglement (ARAR, General Civil Service Regulations)
– Uitgangspunten online communicatie rijksambtenaren (principles for online communication by civil servants)
– Programma van Eisen PKI Overheid (PKIoverheid requirements)
– Code voor Informatiebeveiliging (the Dutch edition of ISO/IEC 27002)
– Telecommunications Infrastructure Standard for Data Centers (TIA-942)
Baseline Informatiebeveiliging Rijksoverheid (2) (BIR)
 Based on ISO/IEC 27002:
– Principles and policies
– Structure and organisation
– Asset management
– HR and personnel
– Physical and environmental security
– Operations security
– Access control
– Acquisition
– Encryption
– Security incident and event management
– Continuity
– Compliance