You might be compromised if…

The Role of the CISO
Ron Baklarz
CISSP, CISA, CISM, NSA-IAM/IEM
**Warning sexually graphic content and subject matter**

Agenda
- Top 10 Coolest Information Security Jobs
- Internal Factors Affecting the CISO Role
  ◦ What Makes a Good CISO?
  ◦ Corporate culture
  ◦ To whom does the CISO report?
  ◦ What are budget and staffing levels?
- External Factors Affecting the CISO Role
  ◦ Regulatory aspects
  ◦ Risk factors of the organization
- Personal Experience
The Top 10 of the 20 Coolest Jobs in Information Security
1. Information Security Crime Investigator/Forensic Expert
2. System, Network and/or Web Penetration Tester
3. Forensic Analyst
4. Incident Responder
5. Security Architect
6. Malware Analyst
7. Network Security Engineer
8. Security Analyst
9. Computer Crime Investigator
10. CISO/ISO or Director of Security
Source: www.sans.org
“Key responsibilities of a CSO include asset management, security assessments, development of a security strategy and risk management plan, certification and audit. In a nutshell, the CSO manages risks for the organization and advises senior management about risks to the business and recommends a treatment for the risk.”
Nalneesh Gaur, May 30, 2007, www.csoonline.com
What makes a good CISO?
- The ability to affect change.
- An understanding of how business processes and information interact.
- An understanding of the technologies used in your organization.
- An understanding of legal and compliance issues.
Boaz Gelbord, May 15, 2009
Corporate Cultures
Experience
◦ Military-focused organization
◦ Government
◦ Private Sector
◦ Humanitarian
◦ Healthcare
◦ Transportation
Regulatory Aspects
- GLBA (Gramm-Leach-Bliley Act)
- SOX (Sarbanes-Oxley Act)
- HIPAA (Health Insurance Portability and Accountability Act)
- PCI (Payment Card Industry Data Security Standard)
- FISMA (Federal Information Security Management Act)
Reporting & Organizational Structures
Titles: CISO, CSO, CRO, ISSO, Director, Manager
Reports To: CIO, CFO, CRO, CEO, CTO
Never realized convergence of physical and logical security
Wearing the Chief Risk Officer Hat
Chronology of Data Breaches
- Started in 2005, subsequent to the ChoicePoint breach
- As of September 25, 2009: 263,674,426 records compromised
Source: www.privacyrights.org
Category                 Number of Breaches   Percentage of Total
Lost/Stolen Computers    341                  30%
Hackers                  210                  18%
On-line Exposures        201                  17%
General Exposures        167                  14%
Lost/Stolen Media        120                  10%
Insiders                  61                   5%
Email Exposures           32                   3%
Fraud                     30                   3%
Source: www.privacyrights.org
Personal Experience - MedStar Health
- $3.5 Billion non-profit
- Largest healthcare system in the Washington DC-Baltimore area
- 8 hospitals and over 50 offices and services
- 25,000 employees
- 5,000 affiliates
Wearing the Chief Hacking Officer Hat
MedStar Health – 2007 WebInspect
Website               Critical   High   Medium   Low     Total by Site
medstarhealthvna.org         6     10      188    365              569
mppdocs.org                 13     74     1450   2720             4257
mdcancer.org                82     18     1241   2351             3692
medstardiabetes.org         13     18      123    222              376
medstarresearch.org          0      3      230    452              685
whcenter.org               446      9     2773   5077             8305
Totals                     560    132     6005  11187            17884
Wearing the Chief Investigative Officer Hat
Personal Experience – MedStar Health
Investigation/Incident Summary Metrics
Subject                        Carryover 2007   Jan 2008   Feb 2008   Mar 2008   Apr 2008   2008 Totals   Aggregate Totals
Email Abuse/Issue                          96          4          3                                  10                106
Internet Abuse/Issue                       30          3          2                                  10                 40
HIPAA & Privacy Issues                     14          2          2                                   5                 19
Lost/Stolen Media/Computers
HR/Legal/Compliance Support
Forensic Analysis                           8          1          2                                   4                 12
Others                                      5
TOTALS                                    163                                                        38                201
What is DLP?
DLP – Data Loss Prevention: monitoring of data in motion, in use and at rest, with alerts or blocking when content matches policy
DLP – First 45 minutes
DLP – First 45 minutes & More
Month    File Date   DOW    Start   End     Duration   # of Images   # CP
March    3/19/2007   Mon    17:08   19:25   2:15                45     45
April    4/11/2007   Wed    18:26   19:48   1:20               205     25
April    4/18/2007   Wed    17:03   18:33   1:30               266     25
April    4/25/2007   Wed    19:55   21:06   1:00               344     75
May      5/1/2007    Tue    19:25   20:13   0:45               182     20
May      5/11/2007   Fri    22:25   22:50   0:25               208     10
May      5/24/2007   Thur   17:36   18:07   0:30               231      5
June     6/4/2007    Mon     8:00    8:17   0:17               113      5
June     6/5/2007    Tue    18:08   19:03   1:00               607     10
June     6/16/2007   Sat    18:55   19:38   0:45               351     10
June     6/21/2007   Thur   17:13   19:11   2:00               368     10
June     6/25/2007   Mon    18:16   18:57   0:40                53      5
July     7/5/2007    Thur    8:00    8:26   0:26               247     15
July     7/16/2007   Mon    18:03   19:19   1:15               514     10
July     7/30/2007   Mon    17:17   18:12   1:00               300     10
August   8/2/2007    Thur   17:40   20:05   2:15               122      0
August   8/17/2007   Fri    20:51   22:36   1:30               580     15
Totals                                                        4736    295
DLP – First 45 minutes & More
- Affiliated physician
- Coming in through VPN with static IP assignment
- Had VPN trail, firewall trail, DLP corroboration
- DLP easily assembled cases
- FBI/BCPD investigated – confiscated work computer
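The corroboration the bullets above describe (VPN trail, firewall trail and DLP alerts tied together through the address the VPN assigned) as an added example; this is not code from the presentation or from MedStar Health's tooling. The log format, hostnames, user names and addresses are all constructed for illustration. It goes one step beyond the static-IP case on the slide: attribution is done by session window, so it also works for a dynamically assigned pool, and an alert whose source address was not inside any VPN session at that moment is reported as unattributed rather than pinned on whoever last held the address.

```python
"""Correlate VPN, firewall and DLP logs into per-user investigation cases."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log lines in a hypothetical "date time host KIND k=v ..." format.
# Users, hosts and addresses are invented; none of this is from the presentation.
VPN_LOG = """\
2007-04-11 18:20:05 vpn1 SESSION_START user=jdoe assigned_ip=10.200.5.17 src=203.0.113.9
2007-04-11 18:30:00 vpn1 SESSION_START user=asmith assigned_ip=10.200.5.18 src=198.51.100.4
2007-04-11 19:50:41 vpn1 SESSION_END user=jdoe assigned_ip=10.200.5.17
2007-04-11 20:00:00 vpn1 SESSION_END user=asmith assigned_ip=10.200.5.18
"""
FW_LOG = """\
2007-04-11 18:26:12 fw1 ACCEPT src=10.200.5.17 dst=10.10.3.44 dport=445
2007-04-11 18:41:03 fw1 ACCEPT src=10.200.5.17 dst=10.10.3.44 dport=445
2007-04-11 18:45:00 fw1 ACCEPT src=10.200.5.18 dst=10.10.7.2 dport=443
"""
DLP_LOG = """\
2007-04-11 18:27:30 dlp1 ALERT policy=image_content src=10.200.5.17 dst=10.10.3.44 file=IMG_0412.jpg
2007-04-11 18:41:10 dlp1 ALERT policy=image_content src=10.200.5.17 dst=10.10.3.44 file=IMG_0413.jpg
2007-04-11 18:50:00 dlp1 ALERT policy=image_content src=10.200.5.18 dst=10.10.7.2 file=scan.jpg
2007-04-11 21:00:00 dlp1 ALERT policy=image_content src=10.200.5.17 dst=10.10.3.44 file=late.jpg
"""

@dataclass
class Event:
    ts: datetime
    host: str
    kind: str
    fields: dict

@dataclass
class Session:
    user: str
    ip: str
    start: datetime
    end: Optional[datetime] = None  # None while the session is still open

@dataclass
class Case:
    user: str
    ip: str
    session: Session
    alerts: list = field(default_factory=list)
    corroboration: dict = field(default_factory=dict)  # file -> firewall events near the alert

def parse_log(text):
    """Parse 'YYYY-MM-DD HH:MM:SS host KIND k=v k=v ...' lines into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, host, kind, *kvs = line.split()
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        events.append(Event(ts, host, kind, dict(kv.split("=", 1) for kv in kvs)))
    return events

def build_sessions(vpn_events):
    """Pair each SESSION_START with the next SESSION_END for the same assigned IP."""
    open_by_ip, sessions = {}, []
    for ev in sorted(vpn_events, key=lambda e: e.ts):
        ip = ev.fields["assigned_ip"]
        if ev.kind == "SESSION_START":
            open_by_ip[ip] = Session(ev.fields["user"], ip, ev.ts)
            sessions.append(open_by_ip[ip])
        elif ev.kind == "SESSION_END" and ip in open_by_ip:
            open_by_ip.pop(ip).end = ev.ts
    return sessions

def session_for(sessions, ip, ts):
    """Return the VPN session that held `ip` at time `ts`, or None."""
    for s in sessions:
        if s.ip == ip and s.start <= ts and (s.end is None or ts <= s.end):
            return s
    return None

def build_cases(vpn_events, fw_events, dlp_events, window=timedelta(seconds=120)):
    """Attribute each DLP alert to the VPN user holding its source address, then
    attach firewall records (same src, same dst, within `window`) as corroboration.
    Alerts outside every session are returned separately as unattributed."""
    sessions = build_sessions(vpn_events)
    cases, unattributed = {}, []
    for alert in sorted(dlp_events, key=lambda e: e.ts):
        ip, dst = alert.fields["src"], alert.fields["dst"]
        sess = session_for(sessions, ip, alert.ts)
        if sess is None:
            unattributed.append(alert)
            continue
        case = cases.setdefault((sess.user, sess.start), Case(sess.user, ip, sess))
        case.alerts.append(alert)
        case.corroboration[alert.fields["file"]] = [
            fw for fw in fw_events
            if fw.fields["src"] == ip and fw.fields["dst"] == dst
            and abs(fw.ts - alert.ts) <= window
        ]
    return list(cases.values()), unattributed

def case_summary(case):
    """Flatten a case into the columns a timeline table shows (day of week, start time, counts)."""
    return {
        "user": case.user,
        "ip": case.ip,
        "dow": case.session.start.strftime("%a"),
        "start": case.session.start.strftime("%H:%M"),
        "alerts": len(case.alerts),
        "corroborated": sum(1 for fws in case.corroboration.values() if fws),
    }

if __name__ == "__main__":
    found, orphans = build_cases(parse_log(VPN_LOG), parse_log(FW_LOG), parse_log(DLP_LOG))
    for c in found:
        print(case_summary(c))
    for a in orphans:
        print("unattributed:", a.ts, a.fields)
```

On the constructed input, jdoe's two alerts each have a firewall record to the same destination within two minutes, asmith's one alert has none (the only firewall record is five minutes earlier), and the 21:00 alert from 10.200.5.17 falls after jdoe's session ended and is left unattributed. The window size and the same-destination requirement are the knobs a practitioner would tune; a case with alerts but no corroboration is the one to treat with caution before anyone's computer is seized.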

DLP – “The Officer is not a gentleman”
“Attachments F and G are screenshots from direct access to PC xxx.xxx.xxx.xxx and specifically the “My Pictures/Pics” folder. The details of this folder show that there are 49 subfolders with a total of over 1,300 mostly pornographic images of different women compartmentalized on a by-folder basis.”
Excerpt from investigative report CISO.2007.155 dated October 1, 2007
Q&A
End of Presentation