The Script
February 2015
THE NEWSLETTER KEEPING YOU CONNECTED WITH CREST
Training & Education
ALSO INSIDE
Update from Ian Glover
CREST Panel Sessions and AGM
Getting to know you?
CRESTCon & IISP Congress
An update from the IISP
Member Focus
New Members
Training & Education
Cyber security project
UPDATE: Speakers announced for CRESTCon & IISP Congress

AN UPDATE FROM IAN GLOVER

Seems a long time ago now but I hope everyone enjoyed the Christmas and the New Year break. It doesn’t seem long since the last newsletter but a lot has happened…

There has been unprecedented interest in CREST membership with new applications increasing and existing members applying for additional categories. The team at CREST has done a fantastic job of managing this and maintaining the very high standards required for membership.

The period for Grandfathered penetration testing companies in the STAR scheme drew to a close at the end of January and the period for threat intelligence service suppliers ends in March. The transition from STAR into the BoE CBEST scheme has also been working very well. The BoE has been very happy with the information and evidence provided by CREST, which has allowed them to concentrate on the specific areas of the application that relate to financial services and the implementation of the scheme.

Existing CREST members have benefited already from the two elements of the STAR scheme and the threat intelligence industry is responding to the process very well. There is significant interest in these schemes from overseas regulators and other parts of the Critical National Infrastructure. This will undoubtedly lead to additional opportunities for CREST members. For example, we were recently asked to present to a large group of banks and the regulator in Saudi Arabia. Some of these banks already mandate CREST or equivalent in their ITTs and view it as a true mark of quality.

The Cyber Essentials work is gaining pace as CREST members mature their service offerings. In addition to including Cyber Essentials on procurement frameworks, the UK Government has agreed a marketing strategy for 2015, which should result in increased requirements for certification. CREST is looking to run workshops this year to examine the link between ISO 27001 and Cyber Essentials and other ways of extending the scheme into areas such as incident management.

Talking of which, the incident management maturity model, free to download from the CREST website, is also gaining momentum. This allows companies to assess their own level of maturity or for CREST member companies to build a service around the assessment. There are already calls for anonymised results to be collated to allow industry comparisons. CREST will review this later in the year so any feedback on the tool would be most welcome. We are also creating a marketing strategy for the Cyber Security Incident Response scheme. We held back on this last year whilst the CREST company membership numbers and the number of certified individuals increased but we now feel that there is sufficient capacity in the market to push this forward. There is also a great deal of interest in this area from law enforcement agencies and the finance sector, which will help to reinforce the offering.

International

The CREST Executive has put together a first class strategy paper for internationalisation that is getting a lot of interest. Although we have dabbled with internationalisation before, we feel strongly that this is the right time. We have significant interest from overseas buyers of CREST services in a surprising number of countries; we understand the legal structures and technical infrastructure required; we have support from in-country professional bodies who would like to work with us; and we have the support of member companies who want to expand into other regions. We also have the support of the UK Government, which sees CREST as being part of the answer to increasing cyber security exports. There will be a lot happening in this area this year. There is so much more I would like to say but it may well fill this edition of the Newsletter. Suffice to say we have been busy and 2015 will be a very exciting year. If you want to know more, make sure that you get your tickets for CRESTCon 2015! Thank you for all the help and support we have received from our member companies and others.

Ian Glover, CREST President
CRESTCon & IISP Congress takes place on 18th March at the Royal College of Surgeons. It is a unique event that brings together leading technical and business information security professionals. Now in its third year, the event has become a key date in the industry calendar, attracting an impressive line-up of speakers and over 300 senior delegates.

Stream 1
09:00 - 09:30 Registration, coffee and pastries
09:30 - 09:40 Welcome: Ian Glover & Alastair MacWillson, CREST & IISP
09:45 - 10:15 HP: TBC
10:20 - 11:05 Ryan Kazanciyan, Mandiant: Exploiting the Attacker’s Dilemma
11:05 - 11:35 Coffee & Networking
11:40 - 12:10 James Chappell, Digital Shadows: Threat Intelligence – Marketing Hype or Innovation
12:15 - 13:00 Cam Buchannan & Adrian Nish, BAE: Intelligence led Penetration Testing - applying attack tradecraft and tools
13:00 - 14:00 Lunch
14:00 - 14:30 Dave Hartley, MWR: Fracking with Hybrid Mobile Applications
14:35 - 15:20 Dor Tumarkin & Kyle Lovett, Cisco: Vulnerabilities of Mass Disruption: How SOHO devices are shaping and changing the landscape of information security on a global level
15:20 - 15:50 Coffee & Networking
15:50 - 16:20 Ollie Whitehouse & Andy Davis, NCC: Practical Security Assessments of IoT Devices and Systems
16:25 - 16:55 Steve Elliott, Context: RDP-Replay – The Story Behind the Tool
17:00 - 17:05 Ian Glover: Closing Address
17:05 - 18:00 CREST & IISP, Drinks and Networking: Sponsored by Nettitude

Stream 2
09:00 - 09:30 Registration, coffee & pastries
09:30 - 09:40 Welcome: Ian Glover & Alastair MacWillson, CREST & IISP
09:45 - 10:30 Mark Hughes, President, BT: What does the Future Bring?
10:35 - 11:05 Andrzej Kawalec, CTO, HP: Specificity: what does this mean to you and your organisation
11:05 - 11:35 Coffee & Networking
11:40 - 12:10 Martin Tyley, Partner, KPMG: Supply chain: Effectively managing the increasingly complex relationships with vendors, third parties and the supply chain
12:15 - 13:00 Member case studies: Architecture
  David Frith, IA Consultant, Info-Assure Ltd: What an IA architect can do for you
  John Hughes, Consultant and Member of Faculty, InfoSec Skills Ltd: The challenges of Training Security Architects
13:00 - 14:00 Lunch
14:00 - 14:30 Hannah State Davey, Psychologist, and Natalie Fischer, Chartered Occupational Psychologist, Qinetiq: Understanding Human implications of Information Security
14:35 - 15:20 Member case studies: Identity
  Paul Simmonds, CEO, Global Identity Foundation: Build your house on rock not sand
  Robert Lapes, Head of Identity Advisory Services, Capgemini: The challenges of identity in the digital future
15:20 - 15:50 Coffee & Networking
15:50 - 16:20 Focus on Legal: Stewart Room, Global Head of Cyber Security and Data Protection Law, PwC
16:25 - 16:55 Focus on Cyber Insurance: Speaker TBC
17:00 - 17:10 Alastair MacWillson: Closing Address & Fellowship Awards
17:10 - 18:00 CREST & IISP, Drinks and Networking: Sponsored by Nettitude
CRESTCon & IISP Congress – ticket information
Tickets for CRESTCon & IISP Congress can be purchased at: https://crestconandiispcongress2015.eventbrite.co.uk

CREST member companies also have until 18th February to claim their free or discounted tickets and are urged to contact allie@crest-approved.org as soon as possible to check availability and book.

CRESTCon & IISP Congress – Sponsorship
Thank you to our headline sponsor HP and to all of our sponsors: 7Safe, Digital Shadows, CheckSec, Gotham Digital Science, InfoSecure, Nettitude, Security Alliance and Titania.
There are still a few sponsorship opportunities left for the event and CREST and IISP members are entitled to a discount on packages.

Why should you sponsor?
• Unrivalled opportunity to meet high level influencers and decision makers from business and government
• Network with existing and potential clients and contacts from the wider information security industry
• Position your company as a leading industry player within the CREST and IISP communities
• Showcase your products, solutions and services
• Attend presentations from high level speakers in two streams
• Benefit from PR and other marketing opportunities throughout the year
• Access names, job titles and companies from delegate list

For details of how you can get involved, please contact Marc Callaway on: marc@crestandiisp.com, 07836 381075

New Members

Info-Assure

Info-Assure is a leading European independent provider of cyber security and information assurance services. Info-Assure provides information assurance, security testing and cyber incident response services. Our range of comprehensive security testing services includes application testing, infrastructure testing, mobile application testing and infrastructure build reviews.

“Info-Assure has extensive experience of delivering cyber security services to the UK Government sector and is a member of the CESG CLAS, CESG CHECK, CESG CAS, and CESG CTAS Schemes. Prior to becoming a CREST member, we had utilised CREST examination services to certify its CHECK Security Testing staff,” said Martin Walsham, Cyber Security and Information Assurance Services at Info-Assure.

He adds: “Info-Assure has long viewed CREST as the leading standard for the assessment of security penetration testing companies and staff. We were then further very impressed by the addition of the CREST CSIR and STAR schemes. At that point we decided CREST full membership was something we must be part of as an organisation.”

Pentest

Formed in 2001, Pentest Limited is an established, independent security consultancy, specialising in Web Application Testing. Pentest is a trusted provider to hundreds of UK and International organisations, across a range of sectors including banking, telecommunications, healthcare, IT and local and national government.

At Pentest, we genuinely seek to help organisations become more secure. Our consultants offer frank, reliable and practical advice for the sole benefit of the customer, rather than ‘building the account’. Developing an individual relationship with each of our clients ensures they understand the business drivers, technical requirements and specific sensitivities of each requirement.

“CREST is a widely recognised and well respected body in the information security industry. Much of what we do relies on customer trust and confidence in our technical capabilities, discretion and security processes. CREST Membership provides our customers with additional assurance that the trust they place in us is justified,” said Francesca Bowman, Marketing Manager at Pentest.
New Members (continued)

CNS Hut3

CNS Hut3 is a London-based cyber security company specialising in the disciplines of information assurance and security assessment. Based next door to the Gherkin in Holland House, we hold accreditations for CESG CHECK and Listed Advisor Schemes, Tiger Scheme and CREST, to name a few, as well as SC and MV clearances. Operating right at the bleeding edge of the cyber security industry, we provide clients with the newest, most thorough pen testing services.

Commenting on the company’s CREST approved status, Edd Hardy, Head of Operations for CNS Hut3 said, “We wanted to achieve CREST approved status because of the respect CREST holds in the industry both from clients and testers. One of our abiding aims is to contribute to helping the industry move forward and we feel CREST is doing just that by helping the industry to grow up. CREST has set an exceptionally hard standard that presents a challenge for the industry to rise to.”

IBM

IBM is the world’s largest IT and consulting services company with a proud history of technical innovation and leadership, building on over a century of research and development. IBM seeks to shape the future of our industry through prized research, development and technical talent around the world. At IBM, penetration testing is just one of many security services that we offer. We monitor and manage 15 billion events daily in real-time, in some of the most complex networks in the world. IBM also develops some of the most sophisticated testing tools in the industry, which are also used by our competitors. Teams of highly skilled security professionals identify and analyse new threats, often found and released to our clients before they are known to the public. IBM maintains the largest database of known cyber security threats in the world.

“As CREST is one of the schemes that operate in the penetration testing industry, we needed to be part of the CREST organisation to get more involved in the community. CREST offers a great opportunity to gain access to wide reaching companies and people that are part of it. At IBM, we really feel we can not only gain from being a member of CREST, but help enhance its reputation, knowledge and shape it for the future of the security industry,” said Brian McGlone, Senior Managing Security Consultant at IBM.

INTEGRITY

INTEGRITY has been focused on consulting, advisory and auditing in information security, telecom management and IT governance since 2009. We distinguish our practice based on a strong sense of impartiality and independence and in the excellence of our consultants that permits a total focus on efficiency, effectiveness and risk management, independently of any technological flavours.

At INTEGRITY we provide security consulting services, as well as world-class penetration testing services covering areas such as infrastructure, web applications, mobile, wifi and SCADA, performed by highly skilled consultants. We also provide a persistent penetration testing service, KEEP-IT-SECURE24, where our consultants perform manual penetration testing and provide reporting through a vulnerability management platform where customers can monitor their risk levels, view vulnerability details and mitigation recommendations, manage their testing priorities, request re-testing and extract reports.

“Being a CREST Member brings trust and recognition, as it ensures to our clients that we have passed CREST’s rigorous assessment and certification process to demonstrate standards in our security testing practice,” said Rui Shantilal, Managing Partner at INTEGRITY.

JustASC

Advanced Security Consulting Limited (JustASC) is a specialist security services organisation offering consulting, managed services, penetration testing, governance, risk, compliance and training, focussed on improving our client’s ability to manage the cyber threat landscape. The organisation brings expertise in Information Technology Risk, Vulnerability Management and Intrusion Detection from over 20 years of experience in multiple sectors across organisations from the FTSE 10 through to SMEs.

At JustASC, our staff comprise ex-senior Big4 trusted advisors and true industry experts in specific security disciplines, allowing us to bring the true meaning of the issue into pure business context for our clients. Our experts can translate even the most technical security issue into a meaningful business risk that the board can understand and action, safe in the knowledge it is doing the right thing to continue the business on a strong path.

The organisation offers Threat Management, Secure Architecture & Incident Response services as a complete end-to-end package, to ensure that our clients have the right visibility of the issues, appropriateness of control and detection, with a response to threats in real time. We make the issues tangible and pride ourselves in our ability to translate complex threats and “what ifs” into real world, actionable intelligence.

Since its incorporation, JustASC has developed strategic partnerships with key vendors in the marketplace to augment our delivery capability and provide the necessary connectivity between the different aspects of the end-to-end process.

“This has always been the badge we wanted to display to our clients. CREST is the best and most respected, most rigorous qualification in the industry and it is with great personal pride that we have achieved it. It wasn’t easy!” – Jay Abbott, Managing Director at JustASC.
CREST Panel Sessions and AGM
17 March 2015, Royal College of Surgeons

CREST is holding a series of panel sessions for Members, which will be followed by the AGM, on Tuesday 17th March 2015, the day before CRESTCon. There is no charge to attend either the panel sessions or the AGM.

Below is the agenda for the afternoon:

Agenda
12:45 - 13:30 Registration and coffee
13:30 - 14:30 Cyber Essentials panel discussion and Q&A
14:30 - 15:00 CSIR scheme update
15:00 - 15:30 Coffee & networking
15:30 - 16:45 STAR/CBEST panel discussion and Q&A
17:00 - 18:30 AGM

Please register your attendance at the panel sessions and/or the AGM at: https://crestpanelsandagm.eventbrite.co.uk/

Members’ Dinner

In response to requests and interest we are arranging a Members’ Dinner after the AGM. We have secured a private room at a popular restaurant, which is just a few minutes’ walk from the Royal College of Surgeons.

Details
17th March, 7.30pm
Bacco Italian Restaurant, 25-26 Red Lion Street, Holborn, London, WC1R 4PS
Cost: £50 per head, which includes wine and service charge
http://www.baccolondon.co.uk/about.aspx

There is also an opportunity on the panel sessions and AGM booking page (https://crestpanelsandagm.eventbrite.co.uk/) to register your interest in attending the dinner and we will be in touch very shortly with booking details.

An update from the IISP
Amanda Finch, general manager at the IISP, gives a round-up of 2014

Time does seem to fly - where did the last 12 months go? The IISP certainly had another very busy year in 2014 and while I catch my breath, I would like to highlight a few facts and figures.

IISP membership has grown to over 2,000 individual members and we also welcomed 14 new corporate members in 2014, bringing the total to 35. We have continued to grow the CCP scheme and have now issued over 1,000 CCP certificates; while also working with CESG on developing the new CCP roles to be introduced this year. Furthermore, we have increased links with training organisations and have a growing portfolio of 16 accredited courses, which we will be adding to next year. We have also strengthened links with academia and now have a total of 12 academic partners as well as a significant rise in student membership.

On the events front, as well as our successful second IISP Congress, which was run in conjunction with CRESTCon, we held 15 branch meetings and will be looking to set up two new branches in 2015. We were also able to offer member discounts or free places for over 30 industry events and our Associate Development Programme for corporate members goes from strength to strength with a two-year programme now in place.

The IISP Skills Framework is increasingly used to measure information security capability. In addition to the work being done by CESG to use the framework to certify training and university courses and by e-skills UK to build a national occupational standard, the framework is also being used by our corporate members to benchmark and develop capability within their organisations.

Within the Secretariat, we have implemented a number of internal efficiencies, relocated the London office and added a new office in Evesham to help us to be closer to the membership in Central England, and welcomed new people into the team.

One thing is for sure, we expect 2015 to be just as busy and look forward to updating you on our progress.
Training & Education

There has been a significant increase in the demand for Practitioner level examinations. This has not only been driven by the requirements of Cyber Essentials, but also because CREST members view it as being the first tangible step on a penetration testing career. We have also started to assess training courses against the syllabus, which are on the CREST website. Classroom based training combined with practical application is ideal for those operating or aspiring to this level. All the training providers assessed by CREST are suitable to be included in the Tech Partnership (formerly e-Skills UK) development pathways.

CREST has also been working to help define the new Trailblazer Cyber Analyst Higher Apprenticeship scheme. This is a fantastic opportunity for CREST member companies to employ young people, put them through a formal development programme part funded by the Government, and for the apprentice to come out with a CREST qualification and degree. This is a major new initiative and has a significant amount of Government support. Anyone wishing to know more or who would be willing to take on an apprentice, please email.

The monitoring and logging research project is going extremely well. The attendance and enthusiasm at workshops and responses to requests for site visits and detailed questionnaires have been overwhelming. We are already working with other influencers on defining additional research activities which will be announced soon.

The CREST work we have been doing on supporting careers is now part of the UK Cyber Security Strategy and the website developed from this work will have a Ministerial launch in the second quarter of 2015. We are still looking for more ‘Day in the Life’ films, so if you would be willing to help and gain significant exposure for your company please contact Allie Andrews at PRPR – allie@crest-approved.org.
Getting to know you: New entrant

Name: Michael Marriott
Company: Digital Shadows
Job Title: Marketing and Sales Operations
Biog: Michael joined Digital Shadows in late 2014. He holds a BA in History and MA in Applied Security and Strategy, both from the University of Exeter.

Professional:

How did you first hear about CREST and what has your involvement with CREST been?

I first came across the work of CREST whilst I was researching for my dissertation. I was looking at the role of SMEs in cyber security when a contact put me in touch with Ian Glover. Ian was good enough to take the time to talk me through the current schemes in place and how the industry was developing. It was obvious that CREST’s work is critical to the success of the cyber security industry.

Two months later, I had finished my Masters and was hunting for a job. A vacancy popped up at Digital Shadows and I haven’t looked back since. What better place than an innovative cyber security start-up that was at the forefront of defining CBEST?

My next engagement with CREST will be in March when I will be attending the CRESTCon and IISP Congress.

What is your best advice to anyone entering a career in infosecurity?

I’d say go for it – infosec is an exciting, fast-growing industry and there are huge opportunities.

It’s tricky to pick the right role for you, of course. There is a vast range of companies operating in the industry, from prevention to investigation. None of these are better or worse; they’re all different in terms of being a job and depend on what stage of your career you’re at and what interests you the most.

There’s the added challenge of picking which sized company is best for you. Large companies can be great for training opportunities and remuneration, whereas start-up companies give you the opportunity to shape the company and carve your own niche. For me, the opportunity to work for a small, agile company with an exciting offering was a huge appeal. Since I’ve joined it’s been high-paced and I’ve had to hit the ground running – clients are flooding in and we’ll be opening a couple of offices in the US in the coming months.

What degree or other qualification did you do and how did it help get you into infosecurity?

It was during my MA in Applied Security and Strategy that I first began to consider a role in infosecurity. The course focuses on war-gaming, scenario planning and red-teaming which are fast-becoming key analytic tools for infosecurity. Traditionally infosecurity has attracted more technical individuals whereas threat intelligence also attracts those from a humanities background, such as history and sociology.

What surprised you the most when you started working in this field?

How much of a friendly community the information security world is. There’s a growing sense that there is no silver bullet for the range of challenges we face and each company has its own contribution to make. Competition inevitably comes with the territory but, importantly, there’s also a spirit of cooperation which reminds us that we’re all on the same side.

How do you see the industry developing in the future?

The adoption of cloud and mobile devices and the rise of industrialised attackers is forcing the traditional infosecurity industry to keep on its toes and embrace new disciplines such as threat intelligence. We’ve also seen the beginning of an intersection between cyber and physical security, and this is likely to continue over the next five years.

Watch out for the Government’s upcoming 2015 Strategic Defence and Security Review (SDSR), which is likely to list cyber security as a top priority for the UK. We’ll most likely see a call for greater collaboration and better situational awareness.

Personal:

Do you have a celebrity “doppelganger”?

I’m increasingly being likened to Chris O’Dowd, which must either mean I’m fully part of the I.T. crowd or I’ve been over-indulging.

What is your ideal holiday destination?

Krakow – I studied there for a year and absolutely love the place. It’s a beautiful place with great people. I’d be lying if I said 60 pence beer wasn’t a factor too.

What is your favourite film?

Depending on my mood, either Pulp Fiction (a classic) or The Intouchables - well into the double figures for viewing both films.
Member Focus: 7Safe

7Safe’s Cyber Security Team is led by Steve Bailey (M.Inst.ISP) and with over 25 years’ experience of security work, Steve sees his current role as the most empowering. “Leading a team of highly capable people, from hard-core technical experts through to strategists, delivering for a wide range of clients across the world, means that every day is different and I am constantly learning new things from the team,” says Steve.

One part of the 7Safe practice is focused on cyber security, delivering technical security services such as ethical hacking, PCI-DSS and Information Security policy, strategy and controls. This also increasingly includes people risk as well as threat and risk assessments. The other team is focused on eDiscovery and digital forensics. This expertise led to 7Safe authoring the Good Practice Guide for Computer Based Electronic Evidence with ACPO, while its work with law enforcement agencies in both education and investigations continues to complement its growing involvement with large corporates.

Both teams have a presence in PA Consulting’s technology labs in Cambridge in addition to offices in London, augmented with a team of technical security consultants in Bangalore. As well as delivering for clients across Europe, 7Safe specialists have recently been working as far afield as Brazil and the Middle East, in environments as diverse as cruise ships and night clubs. Sadly, the pentest for a Bahamas-based retailer was conducted offsite.

7Safe was acquired by PA Consulting in 2011 to enhance its strong cyber security offering and this puts 7Safe in a unique position. “We are still very much a boutique technical security team yet, as part of the wider PA Consulting Group, we can reach back into the skills of a world-class management consulting firm,” says Steve. “We are increasingly complementing our technical security testing and forensic work with broader security consulting work or even wider capabilities like systems engineering or business change.”

The range of organisations that 7Safe works with is incredibly varied and the assignments that consultants work on range from small jobs for retailers or law firms for a few days, to multi-year security partnerships with multinational companies.

Training has always been at the heart of 7Safe’s approach, with the first courses being launched over ten years ago. These training courses are very much hands-on and run by delivery consultants, which is great for the students as they get taught by professionals who are real experts very much practising what they preach. For 7Safe’s consultants this means that one day they can be out solving real problems with our clients and the next day educating others, giving them great variety and challenge.

Aleksander Gorkowienko leads the Penetration Testing Team and you can regularly see him talking to clients, running training courses, leading testing programmes or meeting with one of our medical device experts in our Technology Group to discuss how to secure them from attack. He finds this multitude of activities not only gives him true variety, but has also allowed him to continuously develop his technical skills. Aleksander says: “At 7Safe we have a unique team of highly knowledgeable and experienced security consultants. The key to our success is that we listen to our customers and work with people who are truly passionate about what they do, are eager to learn and are tenacious when it comes to solving problems. The research and development work we do quite often continues at home, causing many a sleepless night! We are experimenting, learning, trying new tools and techniques every day and doing everything needed to stay one step ahead of the real hackers.”

Today the portfolio of courses extends to 13 different standard technical courses and, as companies look to increase their overall security awareness, 7Safe is frequently asked for bespoke training packages on anything from social engineering to building secure applications. The hands-on, classroom training courses can be used towards a Masters Degree in Information Security under a partnership with De Montfort University and 7Safe’s ethical hacking courses were recently accredited by CREST.

Richard Allen, the head of training, was delighted with the CREST accreditation and looks forward to further collaboration. “I’m thrilled that CREST has recognised the hard work and commitment that goes into developing and maintaining our market-leading training courses. Our newly accredited courses have been developed to enable delegates to enter or progress within this exciting industry, tackle cyber security attacks and prepare for their CREST exams.”

As the world we live in becomes ever more connected, 7Safe intends to continue taking the lead on helping organisations to develop, maintain and capitalise on their cyber security and information investigation capabilities, increasing overall trust in the systems that they operate and getting greater value out of the information that they hold.
CREST Cyber security monitoring and logging project
An update from Jason Creasey, Project Manager

The final validation workshop for the cyber security monitoring and logging research project has now been completed. This was kindly hosted by Deloitte in Reading. It was highly productive and popular, with 34 workshop participants validating key project findings and analysing results from the 66 responses to the consumer requirements survey.

The workshop included interactive breakout sessions that helped define best practice for:
1. Cyber security monitoring and logging in practice; defining pragmatic log management and improving situational awareness
2. The evolving role of suppliers in cyber security monitoring and logging; designing the next generation of SOCs and developing services to meet requirements

The main findings from the project are that organisations need to:
• Identify potential indicators of compromise (IOC) at an early stage
• Investigate them effectively
• Take appropriate action to reduce the frequency and impact of cyber security incidents.

Research on the project is now complete and the focus is now on production of the final Cyber Security Monitoring and Logging Guide. This Guide will:
• Present details about how to monitor and log cyber security events, many of which are potential indicators of compromise (IOC) that can lead to cyber security incidents if not addressed quickly and effectively
• Provide practical advice on how to deal with suspicious events, use cyber security intelligence and address the main challenges
• Enable organisations to prioritise and manage myriad event logs; build an effective cyber security monitoring process and learn about where and how they can get help.

The objectives of this are to help organisations to:
• Become more difficult for cyber security adversaries to attack
• Reduce the frequency and impact of cyber security incidents
• Meet compliance requirements
• Identify and respond to cyber security incidents quickly and effectively
• Determine what to outsource, why and to whom.

The release of the final Guide is planned for Spring 2015.
Getting to know you

Name: Louise Pordage
Company: National Cyber Crime Unit
Job Title: Industry Partnerships Manager
What is the role of the National Cyber Crime Unit (NCCU)?

The National Cyber Crime Unit (NCCU) is part of the National Crime Agency and has the responsibility to lead, support and co-ordinate operational and high-impact activity against the most significant cyber crime threats to the UK. In order to understand the cyber crime threat and deliver a targeted and high impact response, the NCCU has placed partnership working at the heart of its approach. The NCCU has a dedicated partnership team focused on developing both strategic and tactical relationships across the community, including: national and international policing; other national partners, including CERT UK, and with industry and academia.

What is your role within the National Cyber Crime Unit?

It is my role to head up our industry partnership team. My team for the last year has been working to develop relationships across a variety of sectors: financial, internet service providers, retail, security and hosting providers to name a few, with the mission to start to build a law enforcement and industry community. There are a number of factors that have been central to our outreach plan, but in essence the focus has been on building trust. We have looked to achieve this through sharing our understanding of the threat; listening and responding to the threats that partners and their customers are experiencing; by engaging partners in operational activity; providing feedback to referrals; maintaining contact with our partners; ensuring our efforts are joined up with other government and law enforcement partners; and proactively identifying opportunities for collaboration.

We are still at the beginning of this journey, but certainly from my experience over the last year, the opportunities to work together to understand and respond to cyber crime are truly transformational.

How does the NCCU work with industry partners?

I think trust is built through doing, and showing commitment and respect to those that you partner with. These values sit at the heart of what my team are working hard to achieve.

Over the last year we have been engaging with our partners in a number of ways in order to support the priorities of the NCCU, to understand the cyber crime threat, deliver a targeted and high impact response and hear from our industry partners about the latest threats causing harm to the UK.

To make this happen, we provide a number of routes for engaging with the NCCU. In January 2014, we established a cross sector industry group with the mission to work in partnership to identify intelligence gaps; understand the capabilities available in law enforcement and industry, and embark on joint working. This group has placed industry within the Cyber Crime Strategic Governance model.

We also run sector specific groups where we are looking to encourage collaboration across the sector; engage through other established groups, and pull together relevant stakeholders when there is a particular threat or operation.

We have also recognised the great value of engaging 1-2-1 with partners, and although this can be resource intensive, these meetings have been fundamental to briefing on the NCCU: our interests, the importance of working in partnership, identifying mutual interests and building trust.

What happens now?

The NCCU Industry team have engaged with a number of CREST members over the last year, but we look forward to the opportunity to further develop the relationship. We are particularly interested in how we could collaborate on investigations, hear about new vulnerabilities you are seeing and collectively encourage industry to engage law enforcement and policing partners.
Training Course Accreditation

CREST has now accredited a number of training courses. Information on all of them is available on the CREST website at: http://crest-approved.org/training-and-academia/crest-accredited-training-courses/index.html. All of the courses have been assessed against the CREST syllabus areas and the UK National Occupational Standards. Courses assessed by CREST are recognised by the Tech Partnership (formerly e-Skills UK) and can be included on its website and careers pathways. They are also recognised by the IISP (Institute of Information Security Professionals) and are included on its website. For further information on how to get a training course accredited by CREST, go to: http://www.crest-approved.org/training-and-academia/how-to-get-your-training-course-assessed/index.htm
Working with Recruiters

Over the last few months CREST has held two workshops with representatives from technical information security recruitment companies. These have been very well attended and positive, with participants keen to engage with CREST to develop an industry-specific differentiator. The first meeting also included representatives from CESG, BIS and e-Skills (now Tech Partnership). The second focused on developing a Code of Ethics and Good Practice that recruitment companies could in the future be asked to comply with, along with the development of questions that they will need to respond to.
522 Uxbridge Road, Pinner, Middlesex, HA5 3PU.
CREST is a not for profit company registered in the UK with company number 06024007.