Pwc Threat And Vulnerability Management (TVM)

2y ago
32 Views
2 Downloads
357.49 KB
20 Pages
Last View : 15d ago
Last Download : 6m ago
Upload by : Jayda Dunning
Transcription

www.pwc.comThreat and VulnerabilityManagement (TVM)Protecting IT assets througha comprehensive programChicago IIA/ISACA2nd Annual Hacking ConferenceOctober 2015

IntroductionsPaul HindsManaging DirectorCybersecurity and Privacy PracticeChicago, ILpaul.hinds@pwc.comDavid Eccles-AmbroseSenior AssociateCybersecurity and Privacy PracticeChicago, ILdavid.eccles-ambrose@pwc.comThreat and Vulnerability Management (TVM)PwCOctober 20152

Agenda1. Changing Risk and Protection Models2. Threat and Vulnerability Management Programs3. QuestionsThreat and Vulnerability Management (TVM)PwCOctober 20153

Changing Risk and Protection ModelsThreat and Vulnerability Management (TVM)PwCOctober 20154

Data Privacy & Information Security Risks Companies face several financial risks Compliance with governmentor industry regulations(HIPAA, PCI, GLBA, COPPA,FTC Act) Compliance with selfregulatory frameworks (i.e.,U.S.-EU Safe Harbor, TRUSTe,DMA OBA Principles)ComplianceFinancialassociated with a breach: Federal or state regulatory fines Stock price decline Remediation effortsRisk FactorsReputational Negative impact to the brand Loss of employee, customer,& investor confidenceThreat and Vulnerability Management (TVM)PwCLegalRegulatory Companies are experiencingincreasing lawsuits from: Employees Customers Investors Enforcement actions from federaland state agencies Regulatory inquires may requirelong-term third party remediationin order to verify regulatoryOctober 2015compliance5

What kinds of questions should you be asking?12What are the company’s compliance requirements?What is the culture of the company and what is the philosophy regarding data privacy and security?Who will lead the efforts for information security & privacy (e.g., Steering Committee)?How does the company ensure alignment between the management and staff?What is the company trying to achieve with its information security/privacy program?CompanyCulture SensitiveInformation What sensitive data does the company collect, use, disclose, dispose, etc.? Is there a process to ensure customers are provided proper notice, choice, and consent with respectto the company’s data collection, use, and disclosure practices? How does the company ensure data practices comply with customer privacy notices/policies? Has the company classified and inventoried that data? Has the company's data been exposed – and would management know if it were?Does the company know what breach indicators it should be monitoring?Has the company released any new products that collect PII/SPI (i.e., websites, mobile apps, etc.)?Has the company introduced any new technologies that access or store sensitive information (i.e.,mobile devices , social media sites, cloud service providers, etc.)?3Threats4BuildingProtections Has the company established formal governance and controls around the data privacy lifecycle (i.e.,notice, consent/choice, collection, access, disclosure, use, retention, disposal, security, etc.)? Are such controls and safeguards periodically tested and monitored? Have the controls and safeguards been updated to respond to changing business models?Responding toIncidents Has the company established formal plans to respond to privacy and security incidents when theyoccur? Is there a cross-functional team in place to monitor, investigate and respond to incidents? Is the company prepared to respond to legal actions? If a regulator were to inquire or investigate, would the company be prepared to respond?5Threat and Vulnerability Management (TVM)PwCOctober 20156

Having a Program In Place to Protect DataA comprehensive program is needed to address the myriad of compliancerequirements, and to protect consumer information and sensitive oring &AuditingRiskAssessmentTraining &AwarenessProcesses &ControlsTechnicalSecurity &ControlsThreat and Vulnerability Management (TVM)PwCOctober 20157

Global State of Information Security SurveyIndustry practice or toolPercent of respondents using therespective practice or toolHave an overall information security strategy81%Employ Chief Information Security Officer74%Employ security information & event management (SIEM)technologies66%Established security baselines/standards for urity strategy for employee use of personal devices onthe enterprise62%Intrusion-prevention tools60%Vulnerability scanning tools60%Intrusion-detection tools60%Active monitoring/analysis of information securityintelligence59%Vulnerability assessments54%www.pwc.com/gsiss2015

Threat and Vulnerability Management (TVM)ProgramsThreat and Vulnerability Management (TVM)PwCOctober 20159

Breach Indicator MethodologyWhy?1Baseline Network Scan Acquire running state information from information technology networkusing WMI/Linux shell scriptsConfigure scanning tools to network specificationsUse initial scan data to represent current state of network Customize and tuneour solution for theclient network Determine presentstate deviation frombaseline Correlate end-pointresults with expandednetwork knowledgeWork with internal information technology teams to determine businessjustification for processes and network connections that exist withinenvironmentEstablish baseline limited to authorized system or network activity Validate technicalresults and buildthreat profileCategorize the assessment observations by risk in a detailed observationsmatrix for leadership to reviewBusiness impact discussion with key stakeholders Document results forstakeholderremediation decisions2Analysis of RunningProcesses3Network Log Analysis 4Output Analysis / ThreatIntelligence Review Review and analyze collected running process information forworkstations and serversAnalyze for statistical anomalies and compare against our proprietary listof known breach indicatorsReview collected information for network connectionsMay request certain log data from monitoring technologies for analysis(firewall, proxy, Web server, Intrusion Detection System, etc.)Provide a thorough picture of the state of the network5Report Findings Threat and Vulnerability Management (TVM)PwCOctober 201510

Components of a TVM ProgramDefining program ownership, policies andprocedures, and integration with enterpriserisk management programActively monitoring and enhancingthe TVM programTVM SecurityStrategy &PlanningDetecting breaches, roguetechnologies, and malicious activities.Threat andvulnerabilitymanagementprogramIsolating and resolving assetsecurity issues once identifiedThreat and Vulnerability Management (TVM)PwCThreat andVulnerabilityEvaluationEvaluating threats and vulnerabilities andestablishing communication and trackingmechanismsActively identifying assetweaknesses before they can beexploited by an attackOctober 201511

TVM Program – 20 Integrated CapabilitiesProgram ownershipPolicy and proceduresIntegration with risk managementProgram maturityenhancementTVM SecurityStrategy &PlanningIntrusion monitoringMalicious program detectionThreat awarenessRogue technology discoveryReportingLog activity analysisThreat andvulnerabilitymanagementprogramCompliance testingSecurity infrastructureimplementationVulnerability scanningSecurity remediationIncident responseThreat andVulnerabilityEvaluationPenetration testingIntelligence analysisSecurity intelligenceCommunication and trackingThreat and Vulnerability Management (TVM)PwCControls effectiveness evaluationOctober 201512

TVM Program – ScorecardProgram ownershipPolicy and proceduresIntegration with risk managementProgram maturityenhancementTVM SecurityStrategy &PlanningIntrusion monitoringMalicious program detectionThreat awarenessRogue technology discoveryLog activity analysisReportingThreat andvulnerabilitymanagementprogramCompliance testingSecurity infrastructureimplementationVulnerability scanningSecurity remediationIncident responseThreat andVulnerabilityEvaluationPenetration testingIntelligence analysisSecurity intelligenceCommunication and trackingThreat and Vulnerability Management (TVM)PwCControls effectiveness evaluationOctober 201513

TVM Security Strategy & Planning AssessmentProgram ownershipThe governance structure must ensure that designatedindividuals have the capacity to hold asset ownersaccountable.Policy and procedureManagement’s intent and directives are documented inthe relevant policies and procedures, but must beenhanced with additional security awareness training.Integration with risk managementTVM SecurityStrategy &PlanningThreat andvulnerabilitymanagementprogramThreat andVulnerabilityEvaluationAn integrated TVM program which enhances the overallenterprise information security risk managementprogramDefining program ownership,policies, procedures, andintegration with enterpriserisk management programThreat and Vulnerability Management (TVM)PwCOctober 201514

Threat Detection Capabilities AnalysisIntrusion monitoringThere’s lots of options- host based like OSSEC, or networkbased like SNORT, but how do you assess theeffectiveness of the intrusion monitoring?TVM SecurityStrategy &PlanningMalicious program detectionRogue security software, adware, and spyware.Rogue technology discoveryIt can be difficult to detect, prevent, and control roguetechnologies in most enterprise environments.Network Access Control (Cisco ISE), detect unapprovedwireless device with Cisco CleanAir .Threat andvulnerabilitymanagementprogramThreat andVulnerabilityEvaluationLog activity analysisHow do you effectively manage your log monitoring andanomaly detection capabilities? SIEM tools likeAlienVault, LogRythm, and Splunk?Breach indicator analysisImmature organizations lack basic capabilities to identifyindicators of a security breach.Threat and Vulnerability Management (TVM)PwCActively identifying and isolatingthreats to minimize their impactupon assetsOctober 201515

Vulnerability Detection AnalysisCompliance testingHow do you evaluate conformance with establishedsecurity guidelines and policies and compliancemonitoring techniques?Unreliable scanning or time consuming audits?TVM SecurityStrategy &PlanningVulnerability scanningEnhance vulnerability scanning capabilities by assessingfactors such as tools, techniques, scope and frequencyNessus, Nexpose, QualysGuard.Penetration testingPenetration testing assesses factors such as methodology,attack scenarios, scope and frequency.Threat andvulnerabilitymanagementprogramThreat andVulnerabilityEvaluationIntelligence analysisSecurity intelligence should be gathered from multiplesources and effectively leveraged through use ofintelligence tools.Threat and Vulnerability Management (TVM)PwCActively identifying assetweaknesses before they can beexploited by an attackOctober 201516

Threat and Vulnerability Evaluation AnalysisSecurity intelligenceBig data analytics approach (ArcSight or QRadar) ensuresassimilation and correlation of security information andthe process of responding to the identified issuesCommunication and trackingHow are identified threats and vulnerabilities beingcommunicated and tracked until closure?Controls effectiveness evaluationTVM SecurityStrategy &PlanningThreat andvulnerabilitymanagementprogramThreat andVulnerabilityEvaluationAssess the process of evaluating the controls andmitigating mechanismsEvaluating threats andvulnerabilities and establishingcommunication and trackingmechanismThreat and Vulnerability Management (TVM)PwCOctober 201517

Threat and Vulnerability Remediation andResponse AnalysisSecurity infrastructureimplementationEnforce change management and configurationmanagement processes to ensure infrastructure andcontrols are implemented consistently with the company’ssecurity standards, such that they achieve the desiredbenefits and functionality.TVM SecurityStrategy &PlanningThreat andvulnerabilitymanagementprogramSecurity remediationSecurity remediation of the vulnerabilities detected shouldbe a key performance indicator for the security program.Threat andVulnerabilityEvaluationIncident responseAdopt mature IT service management (ITSM), i.e. ITIL.Threat and Vulnerability Management (TVM)PwCIsolating and resolving assetsecurity issues once identifiedOctober 201518

Security Information Management andSustenance AnalysisProgram maturity enhancementContinually monitor and enhance the program’s maturity.TVM SecurityStrategy &PlanningThreat awarenessEnhance the organization’s defenses with securityawareness activities to educate relevant users on threats.Threat andvulnerabilitymanagementprogramReportingIdentify key performance and key risk indicators forreporting the status of the TVM program and the actionstaken in response improve the current capabilities.Threat andVulnerabilityEvaluationActively monitoring andenhancing the TVM programThreat and Vulnerability Management (TVM)PwCOctober 201519

Questions? 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please seewww.pwc.com/structure for further details.This content is general information purposes only, and should not be used as a substitute for consultation with professional advisors.PwC US helps organizations and individuals create the value they're looking for. We're a member of the PwC network of firms, which has firms in 157 countrieswith more than 195,000 people. We're committed to delivering quality in assurance, tax and advisory services. Find out more and tell us what matters to you byvisiting us at www.pwc.com/us.

reporting the status of the TVM program and the actions taken in response improve the current capabilities. Threat and vulnerability management program TVM Security Strategy & Planning Threat and Vulnerability Evaluation Actively monitoring and enhancing the TVM program 19 Threat and Vulnerability Management (TVM) October 2015

Related Documents:

PWC Driving Licence In NSW it is compulsory for every person driving a PWC to hold a current PWC driving licence. There are two types of PWC driving licence: 1. PWC driving licence for those aged 16 years and over. 2. Young Adult PWC driving licence for people aged from 12 to less than 16 years. A Young Adult PWC driving licence

Shared third-party threat information via the Cyber Threat Alliance further enriches this knowledge base. The Cyber Threat Alliance is a consortium of 174 different threat intelligence and threat feed providers that crowdsource and share threat intelligence. Cyber Threat Alliance processes more than 500,000 file samples and 350,000 URLs daily.

ASSET VALUE, THREAT/HAZARD, VULNERABILITY, AND RISK 1 ASSET VALUE, THREAT/HAZARD, VULNERABILITY, AND RISK 1-1 Mitigating the threat of terrorist attacks against high occupancy buildings is a challenging task. It is dif-ficult to predict how, why, and when terrorists may attack. Many f

Kandy. The highest vulnerability (0.45: moderate vulnerability) to dengue was indicated from CMC and the lowest indicated from Galaha MOH (0.15; very low vulnerability) in Kandy. Interestingly the KMC MOH area had a notable vulnerability of 0.41 (moderate vulnerability), which was the highes

Common Vulnerability Scoring System (CVSS) values o Numerical score reflecting the severity of the vulnerability Results The associated CVSS score attached to each vulnerability by the NVD provides organizations with a visible metric to gauge the severity associated with any vulnerability and help prioritize any threat remediation strategies.

Initial Temp of PWC was(27 ), and Electric Heater exchanges its thermal energy to PWC, a PWC heated up to melting Temp(saving energy as a sensible heat). After that, the heat stored as latent heat, thus the PWC melts and becomes liquids phase. Then the energy saved as sensible heat as a liquids phase PWC. The Temp PWC is registered at a period of

On May 12, at approximately 2:30 pm, two personal watercraft (PWC) were operating in Biscayne Bay. The PWC were jumping the wakes of other vessels in the area. PWC #1 jumped the wake of a vessel and . Boating Accidents Statistical Report PWC (private) 128,319 98% PWC (rental) 2,838 2% PWC O WNERSHIP BY R EGISTRATION Private vessels 694 / 77% .

Artificial Intelligence: A Modern Approach Stuart Russell and Peter Norvig. 3rd Edition, 2010. 2 copies of are on 24hr reserve in the Engineering and Computer Science Library. Recommended but not required. Lecture notes cover much of the course material and will be available online before class.