ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
TRANSCRIPT
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Taking a Holistic Approach to Cybersecurity
Abu SadeqFounder & CEO
Zartech
Nov 10, 2017
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
About me
• Currently Founder & CEO of Zartech – a cybersecurity products and advisory services company
• Also work as ‘Fractional CISO’ for several companies
• Over 20+ years in the technology space within diverse industries
• Creator of Cyberator - a best-of-breed
cybersecurity assessment tool
2
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Who invented the Internet?
3
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
The Birthplace of Internet
4
Room 3420 at the University of California, Los Angeles’s Boetler
Hall.
Back in 1969 the Advanced Research Projects Agency
Network (ARPANET) which developed the network that
became the basis for the Internet.
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 5
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
The Internet Today
6
- Google has indexed over 50 billion webpages
- 3.8 Billion Internet users in June 30, 2017
- 2.8 Billion active social media users
- 8.4 Billion Connected "Things" in Use and expected to be >25 Billion by 2020
- 1.6 Billion users purchasing via e-commerce
- Digital data stored in the cloud is 16.1 zettabytes
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
7
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
HACKED!
8
80M records/$100M+33M Records/$850M+
76M households/$1B+
1B records/$350M
40M records/$252M+
412M records
145M Records/$200M+56M records/$80M+
3K records/$35M
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
We need a holistic approach
9
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Start by taking a 360 view of your security program
10
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
NIST Cybersecurity Framework (CSF)
11
Text
Text
Text
Text
Protect
Detect
Respond
Recover Identify
Identify: What's the organization's
understanding to managing cybersecurity risk to systems, assets, data, and capabilities
Protect: What appropriate
safeguards have been developed and implemented to ensure delivery of critical infrastructure services
Detect: What appropriate activities
have been developed and implemented to identify the occurrence of a cybersecurity event
Respond: What appropriate activities
have been develop and implemented to take action regarding a detected
cybersecurity event
Recover: What appropriate activities
have been developed and implemented to maintain plans for resilience and to restore
any capabilities or services that were impaired due to a cybersecurity event
NISTCybersecurity
Framework
Text
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Why NIST CSF?
12
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Purpose of the NIST CSF
13
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Function: Identify
14
What's the organization's understanding to managing cybersecurity risk to systems, assets, data, and capabilities?
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Function: Protect
15
What appropriate safeguards have been developed and implemented to ensure delivery of critical infrastructure services?
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Function: Detect
16
What appropriate activities have been developed and implemented to identify the occurrence of a cybersecurity event?
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Function: Respond
17
What appropriate activities have been develop and implemented to take action regarding a detected cybersecurity event?
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Function: Recover
18
What appropriate activities have been developed and implemented to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event?
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
19
A number of studies show that implementation of these seven Controls provides an effective defense against the most common cyber attacks (~90% of attacks).
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
7 controls for effective defense
#1. Implementing a formal information security
governance approach
#2. Inventory of Authorized & Unauthorized Devices
#3. Inventory of Authorized & Unauthorized Software
#4. Secure Configurations for Hardware & Software on Mobile Devices, Laptops, Workstations, & Servers
#5. Continuous Vulnerability Assessment & Remediation
#6. Controlled Use of Administrative Privileges
#7. User Education & Awareness
20
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
21
Thank you