Building A Security Program From The Ground Up

  • Slides: 26

Agenda
• Understand InfoSec role in the business
• Assess risks to the business
• Secure support and funding from management
• Document approach
• Selection and tuning of tools
• Reporting
• Monitoring
• Gain cooperation and support from IT teams

Background
• Studied Music at University of North Texas
• Played and taught guitar from 1984 to 2000
• Attended SMU MCSE Program
• Started in IT in 2000 as Windows AD admin
• Moved into security in 2006

Overview of past work
• Heartland Payment Systems
• Acquired by Global Payment Systems
• 5th largest card acquirer in US
• 4 years as systems administrator
• 6 ½ as Security Manager
• 2009 Massive security breach

Overview of past work
• International Security Manager
• Responsible for Europe, Australia and New Zealand locations
• Sr. Security Manager
• Global IT Security Operations

Business World

Money

Risk
Financial Loss
• Ecommerce Downtime
• Customer data
• Fraud
• Litigation
• Damage to Brand
Possibility and Probability

Breaches Sell Security
2013 – 2014 Security Breaches
2013 Target Breach
• 252 Million Dollars to resolve
• Recommend to fire 7 of 10 board members

The Hard Sell
Give them data!
Top down or busting out of IT Department
Data to justify tools
• Downtime due to malware infections
• Data on attacks against websites
• Data on investment per record
• Breach cost per record (Sector)

Existing tools Data
• Accurate data on phishing
• Infections due to clicking
• Amount of data encrypted from Ransomware
• Time to recovery (hours of downtime)
• Tie it to something the business can understand

Data From Board Presentation

Where to Start
• ID data most valuable to the company
• Who needs access to data
• Applications
• Systems
• Network
• Controls
• Monitor

Create Policies and Standards
Time consuming but important
• Acceptable use policy
• VPN Policy
• Incident Response Policy
• Firewall configuration standard
• Web Proxy configuration standard
Obtain signoff from IT and/or Business
www.sans.org/info/166795

Security Infrastructure
Make roadmap (Have a plan)
Identify, Protect, Detect, Respond and Recover (NIST Security Domains)
Target most useful tools
• Firewalls
• IDS
• Endpoint systems
• Web Proxy
• Log correlation
• Vulnerability Scanner
Better to have a few tools tuned well than many half implemented

Monitor Events
Alerts and events from
• Anti-Virus
• IDS
• Endpoint agents
• Web proxy logs
• Failed login attempts
• Outbound connection attempts

IT Teams
• They want the company to be secure
• They just don’t want more work on them
• Often believe security wants to “Shut everything down”
• Security doesn’t understand SLAs
• Often they don’t know what to fix
• Varying levels of talent

IT and Security Culture
• Partner with teams
• Often best resource for reporting incidents
• Do research to enable quick remediation
• Be reasonable about requests
• Understand their job responsibility
• Attend Change Control Meetings

International Security
• Understand culture
• Learn about their business
• Review organization structure
• Listen to their concerns
• Acknowledge their accomplishments
• Reassure you won’t break their systems
• Report findings in a constructive manner

Lack of Cooperation
• IT teams or individuals difficult to work with
• Non-cooperative
• Obstructive

Strictly Business not Personal

Questions
