Now is the time to consider dismantling the barriers that often exist between IT and physical security teams, so that evolving cyber risks can be tackled more effectivelyFor example, Verizon’s 2012 data breach investigations report found that ten per cent of breaches involve some form of physical attack, while a…
Category: Uncategorized
10 tips to secure funding for a security program
In all cases, good communication was the critical ingredient for success and resulted in the necessary funding, over a period of years, to establish and maintain a workable security program. To start the budget discussion, you must stress cost avoidance rather than profits and you will need hard, empirical evidence to depict the business risks and associated costs. Therefore, the best way to approach senior management to fund your cybersecurity program is to cast the expenditures using an ROI approach.
1. Set the foundation for security funding before you need it; and once established, keep it strong.
2. Don’t use scare tactics.
3. Establish your cybersecurity credentials within your organization.
4. Relate your security risks to the business.
5. Outline the need in plain English.
6. Develop a plan that meets the security needs but also considers financial constraints.
7. Once you get the funding, follow the plan you outlined.
8. Provide constant feedback on the security program.
9. Use outside resources to support your request.
10.Always emphasize that cyber security is not an “information technology” issue — it is an organizational risk management issue.
Link: http://www.csoonline.com/article/732053/10-tips-to-secure-funding-for-a-security-program?source=CSONLE_nlt_update_2013-04-21
The CISO’s Guide to Advanced Attackers: Mining for Indicators
Forensics folks have been doing this for years during investigations, but proactive continuous full packet capture – for the inevitable incident responses which haven’t even started yet – is still an early market. That’s a start, but you will likely require some kind of Big Data thing, which should be clear after we discuss what we need this detection platform to do.
We spent a time early in this process on sizing up the adversary for some insight into what is likely to be attacked, and perhaps even how. But once you do the work to model the likely attacks on your key information, and then enumerate those attack patterns in your tool, you can get tremendous value.
We have already listed a number of different threat intelligence feeds, which can be used to search for specific malware files, command and control traffic, DNS request patterns, and a variety of other indicators.
So you can search your security data infrastructure for almost anything you are collecting – or even better, for a series of events and/or files within your environment – quickly and accurately to narrow down your searches to the most likely attacks.
We have every confidence that big data holds promise for security intelligence, both because we have witnessed attacker behavior captured in event data just waiting to be pulled out, and because we have also seen miraculous ideas sprout from people just playing around with database queries.
You are clearly constrained in terms of internal capabilities (you will be looking for a lot of data scientists over the next few years), as well as the lack of maturity of technologies such as Hadoop, MapReduce, Pig, Hive, and a variety of others in the security context.
But companies seriously looking to detect advanced attackers within their environments will be capturing packets to supplement the other data they already collect, and subsequently starting to use Big Data technologies to mine it all.
Link: https://securosis.com/blog/the-cisos-guide-to-advanced-attackers-mining-for-indicators
A GUIDE TO INCIDENT PLANNING AND LEADERSHIP
For this reason, it is helpful to consider your role as a crisis manager in the face of a real event, such as the sudden, widespread internet interruption recently experienced across the island of Taiwan.
Though the blaze was contained quickly, this localized event caused a major national disruption. 80 percent of Internet services across Taiwan were impacted by what the Taipei Times indicates may have been the worst interruption for Taiwanese Internet users since the 921 earthquake of 1999.
Several lessons can be learned from this event about successful crisis leadership, not the least of which is that as a crisis manager, you always need to be ready for new categories of emergency. In a global economy where business operations are increasingly supported by cloud-based infrastructure, a small fire at one data center was able to impact the Internet services of most of a nation of over twenty-three million.
As a crisis manager, both before and during the event, you must consider the questions this emergency raises: What is the impact for your organization of a widespread Internet outage?
Ensuring that your IT framework and communications lines are sustainable is a key part of your role as crisis manager, and will enable you to operationalize your business continuity plans seamlessly if an event does occur?
It is also important that while planning a business continuity strategy, you establish an overarching vision of your crisis management that can be expressed in the details of your plan.
Prepare checklists of immediate action items for each type of event, and when doing so, look to a business continuity planning software platform that will allow you to streamline and automate these responses.
If testing reveals, for instance, that an emergency at one of your locations, such as a data center complex, or a network operations center, can bring your entire operation to a halt, you will have time to rethink your plans.
Even if you are executing your business continuity plan and your secondary data center is up and running, you need to know the questions to ask, both to make sure the plan runs smoothly, and to ensure you have a complete understanding of the situation.
It is likely that your initial information will be skewed or false in some way, so be prepared to revise your response one or two times in the initial moments of an emergency.
By writing during a crisis and logging all your actions, you will not only increase your clarity, focus, and decision making skills, but you will also have a record of your actions on hand for review after the incident is resolved.
Group of Security Experts Across Multiple Industries Discuss Practical Ways to Leverage Simulated At
“Phishing, and the more targeted and sophisticated spear-phishing, is the weapon of choice for the modern cyber-criminal and is used by the more organized hacker for data and intellectual property theft,” said Perry Carpenter, former security awareness analyst from Gartner who is now working as a security expert in the financial sector. More than anything else, the report shows how simulated attack training can introduce measurement into training — not only is it effective, its effectiveness can be measured and monitored to allow the most cost-efficient training for the highest risk people and topics.
Link: http://mw.newsblaze.com/story/2013040906001900009.mwir/topstory.html
Detection, response key to effective security
With corporate security measures becoming increasingly more effective, often the only point of entry to a company’s network for a cyber criminal is via an employee.
“Research found that the negative impact of mobile devices on security was not only the result of the mobility of devices, but because of a number of assumptions IT departments make around the data they carry. In today’s mobile business environment, securing mobile devices has become a priority, but many IT departments neglect to think about the fact that the data carried on these devices isn’t contained as it would be in a centralised office environment. By working with the assumption that this is the same situation as when the data is in the data centre, IT becomes an unwitting accomplice of cyber criminals, according to Kaspersky’s research,” Myburgh points out.
“IDC data also shows that mobility is the number one factor driving new security spending, suggesting that more organisations are taking heed and beefing up security measures beyond their data centre perimeters.”
Link: http://www.itweb.co.za/index.php?option=com_content&view=article&id=63127