TRANSCRIPT
SESSION ID: STR-R02
#RSAC
BUILDING A DATA DRIVEN SECURITY STRATEGY
Gabriel Bassett
Senior Information Security Data Scientist
Verizon, Data Breach Investigations Report
@gdbassett
Agenda
1. Organization
2. Strategy
3. Measure
4. Data Driven Security Strategy
5. Example Strategies
6. Example Walkthrough
7. Application and Conclusion
WHAT IS A STRATEGY?
VMOSA
V • Vision
M • Mission
O • Objectives
S • Strategy
A • Action Plans
By Denis Fadeev - Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=32967868
Security
Organization
Handoff
SWOT Analysis
By Xhienne (SWOT pt.svg) [CC BY-SA 2.5 (https://creativecommons.org/licenses/by-sa/2.5)], via Wikimedia Commons
V • Vision
M • Mission
O • Objectives
S • Strategy
A • Action Plans
Handoff
STRATEGY: THE ART OF DEVISING OR EMPLOYING (ACTION) PLANS OR STRATAGEMS TOWARD A GOAL (OBJECTIVE)
https://www.merriam-webster.com/dictionary/strategy
STRATEGY IS HOW YOU CHOOSE PLANS TO MEET YOUR OBJECTIVES
Risk Based Strategy
DATA DRIVEN SECURITY STRATEGY
Measures
1. What is my desired outcome?
2. Why is it the right outcome?
3. How do I know the measure predicts this outcome?
Action Plan (VMOSA)
Measures
Observations in context of desired Outcome
• VMOSA
• Factor from SWOT
Strategy (VMOSA)
http://blog.friendlyplanet.com/2012/02/fridays-friendly-funny-which-wall-of.html
EXAMPLE STRATEGIES
Strategy: Reactive
Victor Paul (CC BY 2.0) (https://www.flickr.com/photos/victor_paul/8022836740/)
Strategy: Support Infosec Ops
TimVickers (Own work) [Public domain], https://upload.wikimedia.org/wikipedia/commons/7/71/Alligator_mississippiensis_%282%29%2C.jpg
Strategy: Economic Engineering
Strategy: Reduce Infosec Risk
By Pets Adviser from Brooklyn, USA [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
Strategy: Compliance
By Astris1 (Own work) [CC BY-SA 3.0 (https://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons
Strategy-ish: NIST Framework
STRATEGY WALKTHROUGH
Economic Engineering Strategy
http://dbir-attack-graph.infos.ec
Measure risks
Actions and Attributes to Mitigate
• Phishing
• Software Installation
• Footprinting
• Web Drive-by
• Use of stolen credentials
Map Risks to Plans
Actions and Attributes to Mitigate
• Phishing
• Software Installation
• Footprinting
• Web Drive-by
• Use of stolen credentials
Action Plans or Controls to employ
• User Behavioral Analytics
• OS & App Sandboxing
• DOTMLPF-P
Map Plans to Risks
User Behavior Analytics
• Alter Behavior
• Privilege Abuse
• Illicit Content
• Unapproved Workaround
• Abuse of Functionality
• Use of Stolen Creds or Brute force
OS and App Sandboxing
• Phishing
• Malware
• Web Drive-by
• Hacking (other than credential use)
• Footprinting
• Software installation
Quantified Improvements
DOING SOMETHING
Next Week
Next Month
https://pics-about-space.com/future-space-station-wallpaper?p=1
The Future
BACKUP