I.T. Security: Protecting Your Key Corporate Assets

THE EVOLUTION OF SECURITY INCIDENT MANAGEMENT PRACTICES
8/10/2015
Dr. Emmanouil Serrelis
CISM, BEng, MSc, MBA, PhD
eserrelis@metropolitan.edu.gr
The evolution of a soldier
Current attack surface
New attack surface
New attack paradigms
• Trust exploitation
• Hacker intelligence
• Medium-neutral attacks (e.g. Cloud, O/S, IoT)
• Industry-specific attacks (e.g. Pharma trojan)
• Combination attacks (e.g. Bank Insider Fraud)
• Unknown attacks
• Are they really?
The current answer: Incident Management
Incident management best practices
• Define: What is an incident for you?
• Develop workflows: What should you do in case of…?
• Obtain resources: Who/what should be involved?
• Train: What should you know beforehand?
• Prepare Plan B: What if workflows fail?
• Communicate: Who should be informed about what?
• Integrate: Who are your business / technical liaisons?
• Enrich knowledge: What should be added to your knowledge base?
• Review and Report: What are the conclusions?
• Evolve: How should the whole process be improved?
A new perspective: Drivers
• Current research activity
• Metropolitan College: Information Security and Computer Forensics research team
• Current applications and services are protected through enterprise-wide mechanisms and processes, e.g. corporate SIEM solutions, SOC as a managed service
• Protection mechanisms are based on:
• Integration capabilities of applications and services
• Knowledge of the internal structure and function of applications and services
A new perspective: Principles
• What if we start building apps and services ready to integrate with Open SOCs that would dynamically:
• Indicate most risky vulnerable points
• Indicate most risky suspicious actions
• Indicate less risky countermeasures
• Open SOCs could combine the collective knowledge of:
• Corporate SIEM solutions
• Intelligence networks
• Security vulnerabilities and threat DBs
• etc.
A new perspective: Development
• Relevant efforts exist, e.g. Cisco OpenSOC
• However, our design is built to:
• include non-network data as well (application and business events, not only packets and flows)
• accommodate the confidentiality needs of sensitive service data
• combine heterogeneous sources (e.g. anti-fraud and SIEM systems)
• integrate with the app or with SOC middleware (as opposed to the SOC itself)
• Find me later to talk more about it … :)
Hold these thoughts…
• Attacks change their pattern and techniques
• The attack surface continues to increase
• Focus on critical services and goods – not the medium
• Act as if in a “state of compromise” – stay alert
• Invest in people’s awareness
• Standardize and automate procedures
• Introduce a business-oriented risk factor into incident monitoring
• More in tomorrow's workshop “Production-Oriented Risk Management Techniques for Managing Cybercrime Threats”
• Become an active member of community intelligence networks (e.g. CCS)
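To make the "Principles" and "Development" slides and the business-oriented risk factor concrete, here is an added example (not code from the talk or from the Metropolitan College research team). It sketches the two halves of the proposed design: an app-side hook that emits events already labelled with the service they belong to and with sensitive fields pseudonymised, and a middleware-side correlator that fuses anti-fraud, SIEM and application events per subject and ranks them by business risk rather than by raw technical severity. The event schema, field names, criticality weights, pseudonymisation key and sample events are all hypothetical and constructed for illustration.

```python
# Added example, not code from the talk or from Metropolitan College's research
# team. Everything below (schema, field names, criticality weights, the
# pseudonymisation key and the sample events) is hypothetical.
import hashlib
import hmac

# Hypothetical business criticality per service: the "business-oriented
# risk factor" that the medium-neutral technical severity is scaled by.
SERVICE_CRITICALITY = {"wire-transfer": 1.0, "payments": 1.0, "marketing-site": 0.2}

# Fields that must never leave the service in clear text.
SENSITIVE_FIELDS = {"account", "customer_id"}

# Hypothetical per-deployment secret; the middleware never sees it.
PSEUDONYM_KEY = b"replace-with-a-per-deployment-secret"


def pseudonymise(value: str) -> str:
    """Keyed hash: the same account yields the same token across sources,
    so middleware can correlate without learning the identifier."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def emit_event(service, source, action, attrs, technical_severity):
    """App-side hook. The app knows its own structure, so it labels the
    event with the service it belongs to and redacts sensitive fields
    before the event reaches SOC middleware."""
    safe_attrs = {k: pseudonymise(v) if k in SENSITIVE_FIELDS else v
                  for k, v in attrs.items()}
    return {
        "service": service,
        "source": source,                  # "app", "antifraud" or "siem"
        "action": action,
        "attrs": safe_attrs,
        "technical_severity": technical_severity,  # 0..1, from the emitter
        "business_risk": technical_severity * SERVICE_CRITICALITY.get(service, 0.5),
    }


def subject_of(event):
    """Correlation key: pseudonymised account/customer if present, else source IP."""
    a = event["attrs"]
    return a.get("account") or a.get("customer_id") or a.get("src_ip")


def correlate(events):
    """Middleware side: fuse heterogeneous sources per subject and rank.
    Independent sources agreeing on one subject (a combination attack such
    as insider fraud) raise the score; a noisy medium on a low-value
    service does not."""
    by_subject = {}
    for e in events:
        by_subject.setdefault(subject_of(e), []).append(e)
    ranked = []
    for subject, evs in by_subject.items():
        sources = sorted({e["source"] for e in evs})
        score = max(e["business_risk"] for e in evs)
        score = min(1.0, score + 0.25 * (len(sources) - 1))
        ranked.append({"subject": subject, "score": round(score, 2),
                       "sources": sources, "count": len(evs)})
    ranked.sort(key=lambda r: (-r["score"], r["subject"]))
    return ranked


def rank_sample():
    """Constructed sample: an insider changing a beneficiary, the anti-fraud
    engine flagging the same account, a loud SQLi probe on the marketing
    site, and a login burst against a payments customer."""
    events = [
        emit_event("wire-transfer", "app", "beneficiary_changed",
                   {"account": "GR1234", "by_user": "teller07"}, 0.4),
        emit_event("wire-transfer", "antifraud", "velocity_anomaly",
                   {"account": "GR1234"}, 0.6),
        emit_event("marketing-site", "siem", "sqli_probe",
                   {"src_ip": "203.0.113.5"}, 0.9),
        emit_event("payments", "siem", "failed_login_burst",
                   {"customer_id": "C-88"}, 0.5),
    ]
    return correlate(events)


if __name__ == "__main__":
    for row in rank_sample():
        print(row)
```

Two design points the slides argue for show up in the output: the SQLi probe has the highest technical severity of the four events but ranks last because it hits a low-criticality service, while the moderate app and anti-fraud events on the same wire-transfer account rank first because two independent sources agree on one subject. The account number itself never reaches the middleware; only the keyed token does, which is what lets the sources be combined without exposing the service's sensitive data.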
Thank you!