Info Sec Opportunity – Embracing Big Data with People, Process, & Technology
Increased awareness for participants to begin and/or expand upon channels for utilizing Big Data to enhance their respective programs via People, Process & Technology.
2. @NTXISSA
3Ps
• Purpose
• Discussion – “Security Opportunity – Embracing Big Data with People, Process & Technology”
• Process
• Review of slide presentation & collaborative discussion
• Product
• Increased awareness for participants to begin and/or expand upon channels for utilizing Big Data to enhance their respective security programs via People, Process & Technology
3. @NTXISSA
Robert L. Pace
• Over 15 years in Information Security, working with various companies in different market verticals, both public and privately held.
• Career at Dell began in 2012. I am responsible for delivering and managing a comprehensive Information Security Program for a major IT Outsourcing engagement for Dell. Work activity requires leadership of key IT Security governance processes, designing of security processes, enhancement of IT Security policies and analysis of escalated security threats for strategic countermeasures.
• Certifications – CISSP; CISM; C|CISO; ITILv3; Six Sigma Green Belt
• Education – Michigan State University – Bachelor of Science; Walsh College of Accountancy & Business Administration – Master of Science; Thunderbird Gavin International Institute – Executive Leadership Program
• Contact – robert_pace@dell.com; (972) 577-5842
5. @NTXISSA NTX ISSA Cyber Security Conference – April 24-25, 2015
Data extracted from 2014 Global Report on the Cost of Cyber Crime, published by the Ponemon Institute
No Decrease in Cyber Attacks
“…In our studies we look at 9 different attack vectors as the source of the cyber crime. This year, the benchmark sample of 257 organizations experienced 429 discernible cyber attacks or 1.6 attacks per company each week. The list below shows the number of successful attacks for the past three years, which has steadily increased.”
• FY 2014, 429 attacks in 257 organizations or 1.7 successful attacks per company each week
• FY 2013, 343 attacks in 234 organizations or 1.4 successful attacks per company each week
• FY 2012, 262 attacks in 199 organizations or 1.3 successful attacks per company each week
Types of Attacks
Cost of Cyber Crime
IT Security Spend
Embracing Big Data – People, Process & Technology
6. @NTXISSA
Available Data - Corp & Business Centric
HR – Human Capital; Job Roles
Supply Chain; Vendor Mgmt; Contracts; PMO
Info Security Policies/Stds
AV; Encryption; IDS/IPS;
DB; Mainframe; MDM
File Integrity; HIDS; NIDS; Content
Filtering; FW; NAC;
Scanning Actions; DLP;
Identity Mgmt;
Industry Trends
Big Data View
Collection of data from multiple sources in an effort to gain better intelligence
Deliverable - IT Security Team Analyzes; Directs Remediation
7. @NTXISSA
Source: Dell SecureWorks Threat Analysis
Increasing Amount of Questions –
Primary Driver for Embracing “BIG DATA”
9. @NTXISSA
Big Data
• A new attitude by businesses, non-profits, government agencies, and individuals that combining data from multiple sources could lead to better decisions.
• An all-encompassing term for any collection of data sets so large and complex that it becomes difficult to process them using traditional data processing applications.
• Volume; Variety; Velocity; Variability; Veracity; Value
Information Security
• The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data
• Cornerstone concepts in the variety of definitions – Confidentiality, Integrity & Availability
10. @NTXISSA
11. @NTXISSA
Big Data
Big Data
• SIEM Data
• Vulnerability Scanning
• Application Scanning
• Network Access Control
• MDM/MAM
Big Data
• GRC Application
• Asset Management (HW/SW)
• Incident Management
• Patch Management
• Identity & Access Management
Security Program Requires “Big Data” Coordination with
Organizational Maturity & Data Governance
12. @NTXISSA
People; PROCESS & Technology
Leveraging the V’s of “Big Data” to Enhance Context of Risk Definition
“IMPACT” X “PROBABILITY” = RISK
Actionable Information
“VALUE”
Monitoring & Logging
Incident Management
Asset Mgmt
Organizational Infusion
Threat Intelligence
Dynamic Reporting
Emergence of Security Business Intelligence - SBI
13. @NTXISSA
People; Process & TECHNOLOGY
Technology
• Leveraging technologies used by Marketing & Advertisers
• NoSQL, Hadoop, MapReduce, etc.
• Accustomed to working with Petabytes,
Adaptable Structure & Automation Yielding Increased Security Posture
Big Data
• GRC Application
• Asset Management (HW/SW)
• Incident Management
• Patch Management
• SIEM Data
• Identity & Access Management
• Vulnerability Scanning
• Application Scanning
• Wireless Detection Scanning
• Security Awareness Training
14. @NTXISSA
http://www.dataversity.net/big-data-demystified-market-analysis-and-business-potential/
Internet of Things
• All Market Segments Contributing
Marketing & Advertising
• Deeper Understanding of “Big Data”
• Centered on Yielding Business Objectives
Diverseness of Landscape & Expected Volumes To Increase Exponentially
16. @NTXISSA
• Presentation at RSA Conference 2014 on Big Data
• Term Security Business Intelligence floated as new type of analysis needed
• Structure of heavy duty processor to effectively process the data in a timely manner
View of what Intel is considering ~ SBI centered on protection of their “Intellectual Property”
18. @NTXISSA
Advertising & Marketing Techniques
• Understand data mining
• Enormous capacities
Creative Thinking
• There is “no-box”
• Agile and Adaptable to the situation….
• More self-healing controls
Data Structures
• Large collection, unbounded
• Schema on “Write” vs on the “Read”
New Talent Level
• Heavy analytic skills
• Data Miners with Big Data Certifications
• Will learn Information Security….not core skill
Information Security Transformation... “Radical Thinking”
Potential Challenges & Risks for SBI and Big Data
PEOPLE; Process & Technology
19. @NTXISSA
Questions
20. @NTXISSA
The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)
Thank you