Page 1
November 14, 2018© 2018 DXC Technology CompanyThe underlying methodologies and information are confidential and proprietary information of DXC Technology Company
Cyber Maturity Accelerator: Introduction to DXC’s Cyber Reference Architecture
Version 2.1
DXC Security
For further information, please contact [email protected]
Page 2
Agenda
1. Context
2. Cyber Maturity Accelerator
Page 4
Risk surface is evolving and increasingly complex
The adversary is highly innovative and sophisticated
Regulatory pressures are rising in complexity, costs
Enterprise IT will continue to transform
Skills gap keeps widening

72 hours to report a breach mandated by GDPR (1)
$11.5B global ransomware damage costs by 2019 (2)
$3.62M average total cost of a data breach (3)
$8T cost of cyber crime to global businesses by 2020 (4)
30x more IT application releases as a result of DevOps by 2020 (5)
3.5M global shortfall of cyber security jobs by 2021 (6)
31B IoT devices will be connected to the internet by 2023 (7)
* Sources listed in Notes
Page 5
Today’s enterprises require reliable security solutions
Experts to solve complex security challenges and propel transformation

Enhanced protection of digital assets
• Identify and preempt threats through internal and external views of the global security landscape
• Operationalize security controls across data, user, network, endpoint
• Global scale but with local reach and client context

Holistic risk and cyber security strategy
• Transformation expertise to “secure the digital transformation”
• Integrated solutions driven from risks down to controls
• Knowledge and experience across architecture and technical domains

Understand and measure IT security risk
• Visibility of IT security risk
• Demonstrate compliance both internally and externally
• Compliance expertise and industry-certified personnel

Flexibility for multiple deployment options
• Vendor agnostic
• Consumable in a way suited to business needs
• Tiered solutions and services
• Flexibility in delivery model: SaaS – hybrid – customized
Page 6
Agenda
1. Context
2. Cyber Maturity Accelerator
Page 7
We need a new protection philosophy: Digital resilience

Ultimate state
  Traditional: impregnable
  Digital resilience: assume compromise; stop exfiltration and business disruption
Messaging
  Traditional: fear, uncertainty and doubt; users as problems
  Digital resilience: confidence, assurance, visibility, ready to respond; users as partners
Business proximity
  Traditional: none
  Digital resilience: enables business outcomes
Accountability and leadership
  Traditional: IT department
  Digital resilience: C-suite and board
Focus
  Traditional: perimeter; enterprise devices only; sporadic maturity improvement
  Digital resilience: protect assets regardless of device or location; risk-based approach to addressing maturity gaps
Approach
  Traditional: complicate, obstruct, say no; technology viewed as primary solution; encrypt data in transit; development and security separate
  Digital resilience: lean and agile; people and process amplify technology; encrypt data throughout the life cycle; developers and security in partnership
Security Operations Center (SOC)
  Traditional: regional; manual operations; isolated, silos; traditional infrastructure and devices; reactive
  Digital resilience: global, full situational awareness; orchestrated and automated; collaborative; all devices, including IoT/operational technology (OT)/mobile; intelligence-driven and proactive
Page 8
Cyber Maturity Accelerator: Combining DXC’s diagnostics and cyber reference architecture

1. Assess your security posture (Diagnostics, As-Is)
• Cyber Maturity Review (CMR) to define a baseline capability measurement
• Identify maturity gaps to prioritize investment
• Add other diagnostics to achieve a 360-degree view

2. DXC Cyber Reference Architecture (CRA, To-Be)
• Encyclopedia of To-Be models providing solutions to complex security problems
• Leverages the best practice and solutions implemented by DXC worldwide
• No need to reinvent the wheel; lowers cost, time and risk

(Figure: Diagnostics (As-Is) plus CRA (To-Be) make up the Cyber Maturity Accelerator, delivered in Phase 1, Phase 2 and Phase 3.)
Page 9
Cyber Maturity Accelerator

1. Cyber Maturity Review (4 weeks, As-Is)
• Core diagnostic – 500 questions
• Baseline and quantify security posture
• Benchmark cyber maturity against peers
• Identify maturity gaps and prioritize investment

6 optional diagnostics (As-Is)
• Cyber Attack Simulation
• Ransomware Diagnostic
• CMR Deep Dive: GDPR Readiness
• Advanced Compromise Assessment
• CMR Deep Dive: Security Operations (SecOps)
• Privileged Account Security Diagnostic

+

2. DXC Cyber Reference Architecture (8 weeks, To-Be)
• Use blueprints to accelerate To-Be definition
• Recommendations cost/benefit analysis
• Customize solutions with DXC’s experts
• Time estimations on project duration
• Reference architecture
• Prioritized roadmap

=

3. Cyber Maturity Accelerator (several months)
• Security improvement program
• Addresses lack of maturity
• Improves security posture
• Delivers efficient change
• Reduces risk
Page 10
Cyber Maturity Accelerator: 1) Diagnostics
Page 11
1) Diagnostics: Assess your security posture

Diagnostic Suite
• CMR: Define a baseline for measuring and improving cyber maturity
• CMR Deep Dive: GDPR: Assess GDPR readiness
• CMR Deep Dive: SecOps: Measure SecOps maturity
• Ransomware Diagnostic: Understand if your enterprise can resist ransomware
• Privileged Account Security: Discover privileged accounts and assess risk
• Advanced Compromise Assessment: Learn if your enterprise is compromised
• Cyber Attack Simulation: Test defenses and recommend remediation with hacking simulation
Page 12
1) CMR: Cyber maturity levels

Cyber Maturity Levels (based on CMMI)
5 Optimized: Thought leaders; highly mature; continuously improving and influencing best practice
4 Measured: Quantitatively controlled against best practice; has leading service components and procedures
3 Defined: Services well defined and subjectively evaluated; alignment with best practice
2 Managed: Planned, tracked and repeatable; business requirements met; limited resources available
1 Performed: Performed informally, minimum service levels
0 None (Incomplete): No capability

(Figure: maturity scale 0 Incomplete, 1 Performed, 2 Managed, 3 Defined, 4 Measured, 5 Optimized, with an example current score of 1.50 and target of 3.0.)
Page 13
1) CMR: Deliverables (1/3) Results summary

(Figure: results summary. Domain category maturity for Security Strategy & Risk Management, Cyber Defense and Operational & Technical Security, each broken down into people, process and technology and shown as current maturity against target (example category values 1.20, 1.90 and 1.55); overall security domain maturity 1.55; a people/process/technology view (example values 2.1, 1.3 and 1.1); and the 3 lowest scoring domains.)
Page 14
1) CMR: Deliverables (2/3) Benchmark

Benchmarks cyber maturity vs. peers
Compares security investment with industry peers
Are we getting a tangible return on investment from our security investment?

(Figure: scatter chart of cyber security maturity (0.0 to 5.0) against % IT security spend vs. total IT spend (2% to 14%), with industry average (mean), median and midpoint markers.)
Page 15
1) CMR: Deliverables (3/3) Roadmap

• Cost benefit analysis
• Baseline security maturity
• Assess capability gaps
Prioritized roadmap

(Figure: current maturity 1.1 against a target of 2.0 on the 1 Performed / 2 Managed / 3 Defined scale; a prioritized roadmap across Q1 to Q4 in two phases (Phase I, Phase II) with the items security strategy, update security policies, review security architecture, security foundations, security awareness, ISO and PCI compliance, monitoring SOC, advanced threat protection, data loss prevention, threat intelligence and database vault; and a cost/benefit matrix plotting items 1 to 12 on high/medium/low cost against high/medium/low benefit.)
Page 16
Cyber Maturity Accelerator: 2) CRA
Page 17
2) CRA: An encyclopedia of resilience best practice

Cyber Reference Architecture
Framework
• Taxonomy and nomenclature
• Strategic to technical
10 blueprints
• Focused on solving specific architecture challenges
Used to develop: advise, transform and manage; world-class security solutions

Field proven and aligned with best practice
• Aligned to security architectures: NIST, ISO 27001, SANS critical controls
• Captures DXC’s vast expertise in advisory and architecture
• Technology agnostic

DXC’s strategic secret weapon
• The CRA is the home of DXC’s security wisdom
• Best-practice security library
• Built from hundreds of security engagements by thousands of advisors
• Delivers world-class architectures, including for SecOps

Granular, detailed and updated
• Complete, exhaustive and very detailed; people, process and technology
• Covers strategic, tactical and operational concerns
• Constantly updated by DXC’s experts
Page 18
2) DXC’s CRA delivers resilience (1/3)

Strategic level
• Define strategy
• Manage risks and compliance
• Define enterprise security architecture
• Address prioritized risks and enable the business

Tactical and operational level
• Security monitoring
• Breach response
• Orchestrate intelligent SecOps

Technical level
• Design, size, implement and run
• Technical security solutions
• Physical security

(Figure: CRA domain map with 12 domains in three groups. Security Strategy & Risk Management (SSRM): Strategy, Leadership & Governance (SLG); Risk & Compliance Management (RCM); Security Resilient Architecture (SRA); Resilient Workforce (RW). Cyber Defense & Orchestration (CDO): Cyber Defense (CD); Security Orchestration (SO). Technical Security (TS): Identity & Access Management (IAM); Infrastructure & Endpoint Security (IES); Applications Security (AS); Data Protection & Privacy (DPP); Converged Security (CS); Physical Security (PS).)
Page 19
2) DXC’s CRA delivers resilience (2/3)

• Strategy, Leadership & Governance (SLG): Define a strategy aligned to business objectives
• Risk & Compliance Management (RCM): Manage risk and ensure compliance
• Security Resilient Architecture (SRA): Translation of business strategies into security solutions
• Resilient Workforce (RW): Security-conscious culture and knowledge management
• Cyber Defense (CD): Security monitoring, incident management and response
• Security Orchestration (SO): Processes, including management and measurement
• Identity & Access Management (IAM): Management of identities and access controls
• Infrastructure & Endpoint Security (IES): Enterprise threat detection and prevention
• Applications Security (AS): Secure development and maintenance of software
• Data Protection & Privacy (DPP): Data classification, modeling and protection
• Converged Security (CS): IT and OT security integration
• Physical Security (PS): Protect assets from physical threats
Page 20
2) DXC’s CRA delivers resilience (3/3)

CRA structure: Domain (12 total) → Subdomain (55 total) → Capability (347 total)

Cyber defense example: Cyber Defense domain (6 subdomains, 56 capabilities in total) → Monitoring subdomain → capabilities Analytics, Log correlation, Use cases, Anomaly detect, User behavior

(Figure: the 12 CRA domains PS, SRA, IAM, IES, AS, DPP, CS, RCM, RW, SO, SLG and CD, with Cyber Defense (CD) highlighted.)
Page 21
2) CRA: Blueprints solve specific security challenges

10 Blueprints
Single domain
• Cyber defense blueprint
• Identity and access management blueprint
• Infrastructure and endpoint security blueprint
• Data protection and privacy security blueprint
• Resilient workforce blueprint
• Risk and compliance management blueprint
Multi-domain
• Cloud security blueprint
• GDPR security blueprint
• OT security blueprint
• Remediation blueprint

(Figure: the 12 CRA domains PS, SRA, CD, IAM, IES, AS, DPP, CS, RCM, RW, SO and SLG.)
Page 23
2) CRA: Cyber defense blueprint (1/8) Cyber defense capabilities

Subdomains: Threat intelligence and profiling; Security incident response and remediation management; Security analytics; Vulnerability management; Digital investigation and forensics; Security monitoring

Security monitoring capabilities
• Log policy definition: Definition of a corporate policy related to log generation, with the necessary level of requested logs per component, where each component security standard should include technical log settings, which may include logs containing user activities, security violations and other security event information
• Log management: Activities to ensure proper log setting configuration on each hardware and software component according to the corresponding component security standard; collecting and aggregating logs to a central repository through collectors or agents from any device, source or format
• Log correlation: Ability to discover and apply logical associations among disparate log events and within a large volume of events from different log sources in order to highlight important events and identify suspicious activities
• Log integrity: Ensuring logs cannot be modified so that integrity is maintained throughout and evidence of integrity can be provided
• Use case management: Use case definition: modeling of attack scenarios or a sequence of events and associated rule definition, which if occurring within a certain period of time represents a suspicious activity that needs to be analyzed
Page 24
2) CRA: Cyber defense blueprint (2/8) Cyber defense capabilities

Subdomains: Threat intelligence and profiling; Security incident response and remediation management; Security analytics; Vulnerability management; Digital investigation and forensics; Security monitoring

Security monitoring capabilities (continued)
• Monitoring and alerting processes: The process of observing, checking and tracing (recording) generated alerts defined in use case implementations to initiate incident triage and response when needed
• Event query: Ability to query for a particular event or a sequence of events which occurred in the past
• Log reporting: Logs and events management report: events and logs collected and recorded, use case management, alerting and monitoring activities (numbers of alerts, actions undertaken, etc.)
• Shift-handover process: The process to manage SOC analysts’ and operators’ shift handover
• Daily operations meeting procedure: The process to manage SOC daily operations (console monitoring, ticket management, etc.)
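The security monitoring capabilities on this slide and the previous one (log management, log integrity, log correlation, use case management, event query, log reporting) are easier to judge as concrete code than as definitions. The following is an added example, not DXC code and not part of the CRA: a minimal SIEM-style pipeline in Python that normalizes log lines from two constructed sources, keeps a SHA-256 hash chain over the stored lines so that later modification is detectable, runs one use case (repeated failed SSH logins followed by a success within a time window), correlates the resulting alert with VPN session context from the second source, answers a time-bounded event query and produces a small report. The log format, host and user names, addresses, the `sshd`/`vpn` source names and the threshold and window values are all assumptions made for the example.

```python
"""Added example (not DXC's code): a minimal SIEM-style pipeline exercising the
security monitoring capabilities named in the cyber defense blueprint. Log
format, hosts, users, addresses and thresholds are constructed for the example."""
from __future__ import annotations

import hashlib
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs from two sources: an SSH daemon and a VPN gateway.
SSH_LOGS = """\
2024-03-01T08:00:01Z sshd host=web01 user=alice src=203.0.113.7 result=failed
2024-03-01T08:00:05Z sshd host=web01 user=alice src=203.0.113.7 result=failed
2024-03-01T08:00:09Z sshd host=web01 user=alice src=203.0.113.7 result=failed
2024-03-01T08:00:15Z sshd host=web01 user=alice src=203.0.113.7 result=success
2024-03-01T09:30:00Z sshd host=db01 user=bob src=198.51.100.2 result=failed
2024-03-01T09:45:00Z sshd host=db01 user=bob src=198.51.100.2 result=success
"""
VPN_LOGS = "2024-03-01T07:58:30Z vpn user=alice src=203.0.113.7 result=connected geo=ZZ\n"

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\S+) (?P<kv>.*)$")
GENESIS = "0" * 64  # previous-hash value used for the first chain entry


@dataclass
class Event:
    ts: datetime
    source: str
    fields: dict[str, str]


def parse_line(line: str) -> Event:
    """Log management: normalize one 'ts source k=v k=v ...' line into an Event."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    fields = dict(kv.split("=", 1) for kv in m["kv"].split())
    return Event(ts, m["source"], fields)


class LogStore:
    """Central repository with a SHA-256 hash chain over the raw lines, so that a
    modified, reordered or deleted entry is detectable (log integrity)."""

    def __init__(self) -> None:
        self.raw: list[str] = []
        self.events: list[Event] = []
        self.chain: list[str] = []  # chain[i] = sha256(chain[i-1] || raw[i])

    def append(self, line: str) -> None:
        prev = self.chain[-1] if self.chain else GENESIS
        self.chain.append(hashlib.sha256((prev + line).encode()).hexdigest())
        self.raw.append(line)
        self.events.append(parse_line(line))

    def verify(self) -> bool:
        """Recompute the chain from the stored lines and compare every digest."""
        prev = GENESIS
        for line, digest in zip(self.raw, self.chain):
            prev = hashlib.sha256((prev + line).encode()).hexdigest()
            if prev != digest:
                return False
        return len(self.raw) == len(self.chain)

    def query(self, start: datetime, end: datetime, source: str | None = None,
              **match: str) -> list[Event]:
        """Event query: events in [start, end] matching the source and every k=v."""
        return [e for e in self.events
                if start <= e.ts <= end
                and (source is None or e.source == source)
                and all(e.fields.get(k) == v for k, v in match.items())]


def use_case_bruteforce_then_success(store: LogStore, threshold: int = 3,
                                     window: timedelta = timedelta(minutes=5)) -> list[dict]:
    """Use case management: >= threshold failed SSH logins for one (user, src)
    followed by a success within `window` is treated as a suspicious sequence."""
    alerts: list[dict] = []
    failures: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    for e in sorted(store.events, key=lambda ev: ev.ts):
        if e.source != "sshd":
            continue
        key = (e.fields["user"], e.fields["src"])
        if e.fields["result"] == "failed":
            failures[key].append(e.ts)
        elif e.fields["result"] == "success":
            recent = [t for t in failures[key] if e.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({"use_case": "bruteforce_then_success", "user": key[0],
                               "src": key[1], "ts": e.ts, "failures": len(recent)})
            failures[key].clear()
    return alerts


def correlate_with_vpn(store: LogStore, alerts: list[dict],
                       lookback: timedelta = timedelta(minutes=15)) -> list[dict]:
    """Log correlation: enrich each alert with the VPN session (second log source)
    the same user opened shortly before the suspicious logins, if any."""
    for a in alerts:
        sessions = store.query(a["ts"] - lookback, a["ts"], source="vpn", user=a["user"])
        a["vpn_geo"] = sessions[-1].fields.get("geo") if sessions else None
    return alerts


def log_report(store: LogStore, alerts: list[dict]) -> dict:
    """Log reporting: event volume per source, alerts per use case, chain state."""
    return {"events": dict(Counter(e.source for e in store.events)),
            "alerts": dict(Counter(a["use_case"] for a in alerts)),
            "chain_valid": store.verify()}


def run() -> dict:
    """Ingest both sources in time order, run the use case, correlate, report."""
    store = LogStore()
    for line in sorted(SSH_LOGS.splitlines() + VPN_LOGS.splitlines()):
        store.append(line)
    alerts = correlate_with_vpn(store, use_case_bruteforce_then_success(store))
    return {"alerts": alerts, "report": log_report(store, alerts), "store": store}


def tamper_detected() -> bool:
    """Rewrite a stored line after the fact (first failed login becomes a
    success, as an attacker covering tracks would); verify() must now fail."""
    store = run()["store"]
    store.raw[1] = store.raw[1].replace("result=failed", "result=success")
    return not store.verify()


if __name__ == "__main__":
    out = run()
    for alert in out["alerts"]:
        print(alert)
    print(out["report"], "tamper detected:", tamper_detected())
```

Two points a practitioner would check before relying on this pattern: the hash chain only proves integrity if the latest digest is anchored somewhere the log host cannot rewrite (forwarded to a separate store, signed, or written to WORM media), since an attacker with write access to both the lines and the chain can simply recompute it; and the use case deliberately processes events in timestamp order, so clock skew between sources has to be handled at collection time, otherwise a success logged "before" its failures is never counted.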
Page 25
2) CRA: Cyber defense blueprint (3/8)

(Figure: cyber defense layered model, with Cyber Defense (CD) highlighted among the 12 CRA domains.)
Strategic layer: Asset management
Vulnerability layer: Vulnerability management
Intelligence layer: Threat intelligence and profiling; Digital investigation and forensics
Context and behavior layer: Security analytics
Operations layer: Security monitoring; Security incident response and remediation management; Forensic analysis and response
Controls layer: Containment, clean-up, eradication, disruption, remediation
Inputs: Physical events, IT events, OT events. Flows between layers: Correlated events; Actionable security and threat intelligence
Page 26
2) CRA: Cyber defense blueprint (4/8)
Actionable security and threat intelligence
Correlated events
Containment, clean-up, eradication, disruption, remediation Physical
eventsIT
eventsOT
events
Security analytics
Context and behavior layer
Threat intelligence and profiling
Digital investigation and forensics
Intelligence layer
Vulnerability management
Vulnerability layer
Security monitoringSecurity incident
response and remediation
management
Forensic analysis and response
Operations layer
Controls layer
Strategic layer
Asset management
SOC foundation key work packages
Infrastructure security monitoring
Centralized storage of normalized data; detect security incidents quickly based on use cases
Comprehensive breadth and depth of collection of events across the infrastructure
![Page 27: Cyber Maturity Accelerator: Introduction to DXC’s …...2018/11/14 · DevOps by 2020 5 * Sources listed in Notes 72 hours to report a breach mandated by GDPR 1 Security has seen](https://reader036.vdocument.in/reader036/viewer/2022081404/5f0534fb7e708231d411cf5d/html5/thumbnails/27.jpg)
November 14, 2018 27© 2018 DXC Technology CompanyThe underlying methodologies and information are confidential and proprietary information of DXC Technology Company
SOC foundation key work packages
2) CRA: Cyber defense blueprint (5/8)
Actionable securityand threat intelligence
Correlated events
Containment, clean-up, eradication, disruption, remediation Physical
eventsIT
eventsOT
events
Security analytics Threat intelligence and profiling
Digital investigation and forensics
Intelligence layer
Vulnerability management
Vulnerability layer
Security monitoringSecurity incident
response and remediation
management
Forensic analysis and response
Operations layer
Controls layer
Strategic layer
Asset management
Infrastructure security monitoring
Assess/define SOC processes Monitor and analyze security events 24x7x365
Centralized storage of normalized data; detect security incidents quickly based on use cases
Context and behavior layer
![Page 28: Cyber Maturity Accelerator: Introduction to DXC’s …...2018/11/14 · DevOps by 2020 5 * Sources listed in Notes 72 hours to report a breach mandated by GDPR 1 Security has seen](https://reader036.vdocument.in/reader036/viewer/2022081404/5f0534fb7e708231d411cf5d/html5/thumbnails/28.jpg)
November 14, 2018 28© 2018 DXC Technology CompanyThe underlying methodologies and information are confidential and proprietary information of DXC Technology Company
SOC foundation key work packages
2) CRA: Cyber defense blueprint (6/8)
[Figure: the same cyber defense blueprint as on (5/8) (strategic, controls, operations, intelligence, vulnerability, and context and behavior layers; physical, IT and OT events; correlated events; actionable security and threat intelligence; containment, clean-up, eradication, disruption, remediation), here also showing SecOps management.]
Work packages highlighted on this slide:
• Assess/define SOC processes: monitor and analyze security events 24x7x365
• Security incident management process: manage security incidents quickly
• Infrastructure security monitoring: centralized storage of normalized data; detect security incidents quickly based on use cases
SOC foundation key work packages
2) CRA: Cyber defense blueprint (7/8)
[Figure: the same cyber defense blueprint as on (5/8) (strategic, controls, operations, intelligence, vulnerability, and context and behavior layers; physical, IT and OT events; correlated events; actionable security and threat intelligence; containment, clean-up, eradication, disruption, remediation), here also showing SecOps management.]
Work packages highlighted on this slide:
• Assess/define SOC processes: monitor and analyze security events 24x7x365
• Security incident management process: manage security incidents quickly
• Crisis management process update: ensure security and privacy requirements are covered in the crisis management process
• Infrastructure security monitoring: centralized storage of normalized data; detect security incidents quickly based on use cases
SOC foundation key work packages
2) CRA: Cyber defense blueprint (8/8)
[Figure: the same cyber defense blueprint as on (5/8) (strategic, controls, operations, intelligence, vulnerability, and context and behavior layers; physical, IT and OT events; correlated events; actionable security and threat intelligence; containment, clean-up, eradication, disruption, remediation).]
Work packages highlighted on this slide:
• Assess/define SOC processes: monitor and analyze security events 24x7x365
• Security incident management process: manage security incidents quickly
• Crisis management process update: ensure security and privacy requirements are covered in the crisis management process
• Establish a digital investigation and forensics service: digital investigation and forensics service for rapid security incident response
• Infrastructure security monitoring: centralized storage of normalized data; detect security incidents quickly based on use cases
2) CRA: Initiative template (1/2): Establish a digital investigation and forensics service
Duration: L; Business impact/disruption: L; Cost: L
Capabilities addressed: CD.4.1; CD.4.2; CD.4.3
Name: Establish a Digital Investigation & Forensics Service. Work Package ID: CD.4.a
Purpose and high-level description:
• Understand and define the requirements for an organization-wide digital investigation and forensics service, including rapid security incident response as well as legal and regulatory aspects in any geography, to conduct threat actor profiling and tracking.
• Analyze the most restrictive data privacy policy to use as an authoritative basis for all regions and business units.
• Define the scope, goals and expectations of the relevant business units and organizations for this investigation and forensics service.
• Describe the vision and scope that articulates the requirements for recovery of digital evidence such as a binary image of a system, raw logs, traffic capture, etc.:
– If and how must the workers' council and legal be involved in such processes?
– What are the primary goals of such activities (e.g., knowledge gain to better enhance detective and reactive controls, enablement of criminal prosecution)?
– How is the investigation team to be designed, centrally or locally? What legal aspects, if any, are involved in data transfer, recovery of digital evidence, and storage and processing of restricted data such as HDD images, personally identifiable information (PII), etc.?
– Who will lead this investigation, and which systems, assets, entities and services are the most important and business critical, so that resources can be focused on them?
– How are key performance indicators measured, how are they verified, and at which intervals?
– Which tools are used, and is information handled in a centralized or decentralized fashion? Are the various tools compatible, and do interfaces need to be defined?
– What does the organization-wide governance process look like?
• Design the technical architecture of the solution(s) to support the goals and strategies defined in the vision and scope.
• Create the architecture design, describing which technical principles are used, which tools are preferred and how the various infrastructures are combined to form a holistic solution (network forensic toolkit, sandboxing and IOC assessment toolkit, etc.).
• Create a deployment guide that describes the technical concepts and enumerates the implementation steps in detail. In addition, describe typical patterns to look for and how the forensic approaches are integrated into processes (SOC processes, incident management and incident response processes, etc.) and tools. Finally, plan the deployment following project management and technical best practices.
Staffing requirements:
• DXC roles:
– 1 x security principal (2 days)
– n x security architect (5 days)
– 1 x account security officer (1 day)
– 1 x program director (1 day)
– 1 x project manager (2 days per toolkit)
– n x network operations engineers and SMEs (5 days per toolkit)
• Customer roles:
– 1 x head of security (1 day)
– n x network operations engineers and SMEs if the network is managed by the customer (5 days per toolkit)
Key activities:
(1) Agree on scope and service type with key customer stakeholders and document the service description accordingly (in particular, define the key performance indicators and governance);
(2) define and agree on the vision and scope of the digital investigation and forensics requirements and design the solution;
(3) prioritize the essential systems, networks and entities so that the deployment can start in a prioritized order;
(4) define the necessary adaptation of security processes and changes to existing processes;
(5) define an implementation plan for delivering the digital investigation and forensics service; and
(6) train personnel in the solution approaches and their required activities, and involve the team in the solution build process.
Deliverables:
• Statement of work for the digital investigation and forensics service, project plan and schedule, architecture documentation, implementation guide, test guide, process definition and update, standard service documentation; communication throughout the organization
• Infrastructure installation and configuration, update of existing processes
Workload estimation:
• Estimated project duration = 1 month
• Estimated effort for DXC = 23 man days (for two toolkits)
• Estimated effort for customer = 11 man days
• Hardware and software costs not included
Business benefits and outcomes:
• More awareness of cyber risk in the organization
• Better visibility into the most relevant infrastructure areas and systems
• Improvement in the quality, speed and availability of operational practices
• Better understanding of the organization's threat profile, with preliminary and proactive repeatable processes
• Ability to achieve faster identification of new malware and threats; reduction of cyber risks
Business challenges and problems foregoing commitment:
• More time required to identify threat actors already in place
• Less digital investigation and forensics capability to address breaches of information security (e.g., loss of confidentiality, integrity and availability) and to protect intellectual property (IP) (trade secrets, competitive information, IP theft, secured collaboration)
• Less visibility of malicious software on workstations and servers
• Less visibility of events and hack attempts across the entire estate
2) CRA: Initiative template (2/2): Establish a digital investigation and forensics service
Duration: L; Business impact/disruption: L; Cost: L
Capabilities addressed: CD.4.1; CD.4.2; CD.4.3
The work package card from (1/2) is repeated on this slide with its template sections labeled:
• Purpose and high-level description
• Key activities
• Deliverables
• Business benefits and outcomes
• Staffing requirements
• Workload estimation
• Business challenges and problems foregoing commitment
3) Cyber Maturity Accelerator
Cyber Maturity Accelerator (1/2)
[Figure: three stages shown as 1 + 2 = 3, with timescales of 4 weeks, 8 weeks and several months.]
1. Cyber Maturity Review (As-Is, 4 weeks)
• Core Diagnostic – 500 questions
• Baseline and quantify security posture
• Benchmark cyber maturity against peers
• Identify maturity gaps & prioritize investment
Six optional diagnostics (As-Is):
• Cyber Attack Simulation
• Ransomware Diagnostic
• CMR Deep Dive: GDPR Readiness
• Advanced Compromise Assessment
• CMR Deep Dive: Security Operations
• Privileged Account Security Diagnostic
2. DXC Cyber Reference Architecture (To-Be, 8 weeks)
• Use blueprints to accelerate To-Be definition
• Recommendations cost/benefit analysis
• Customize solutions with DXC's experts
• Time estimations on project duration
• Reference architecture
• Prioritized roadmap
3. Cyber Maturity Accelerator (several months)
• Security improvement program
• Addresses lack of maturity
• Improves security posture
• Delivers efficient change
• Reduces risk
Cyber Maturity Accelerator (2/2): Modular transformation
[Chart: Overall Current State and Future State (legend: Current, Target), maturity scored from 0.0 to 5.0 per domain: Security Strategy; Asset Management, Governance, Policy and Risk Management; Legal and Regulatory Compliance, Security…; Reference Enterprise Security Architecture; Identity and Access Management; Infrastructure Security; Endpoint Security; Cyber Defense; Data Security; Business Continuity & Disaster Recovery; Physical Security; Managed Security & Service Delivery; Cultural Change.]
From assessment to delivery:
• Artifacts: CMR and diagnostics; list of initiatives; initiative's scope and deliverables' description = Work Packages (WPs); transformation plan
• Stages: maturity assessment discovery; initiatives identification and validation; initiatives/WPs definition; transformation plan; delivery ensuring traceability (objectives, benefits)
CRA framework domains:
• Strategy, Leadership & Governance (SLG)
• Risk & Compliance Management (RCM)
• Security Resilient Architecture (SRA)
• Cyber Defense (CD)
• Identity & Access Management (IAM)
• Infrastructure & Endpoint Security (IES)
• Applications Security (AS)
• Data Protection & Privacy (DPP)
• Converged Security (CS)
• Physical Security (PS)
• Resilient Workforce (RW)
• Security Orchestration (SO)
CRA blueprints (Cyber Defense work packages: WP name / Sub-domain / WP description / WP outcomes / Objective / Timescale):
CD.1.a – Infrastructure Security Monitoring
Sub-domain: Security Monitoring
WP description: • Define SIEM use cases • Define the corresponding requirements for log policy, log generation (settings) and log storage for critical IT security infrastructure • Define or revisit SIEM architecture requirements to support additional requirements and new use cases • Define and execute the corresponding transformation plan
WP outcomes: • Log analysis • Targeted and accurate alerting • Ability to quickly identify when a threat actor is in the environment, then quarantine and remove that actor • Ensuring the service is performing as expected
Objective: VISIBILITY; Timescale: 9 months
CD.2.a – Assess / Define Security Operation Center processes
Sub-domain: Security Incident Response & Remediation Management
WP description: • Define core SOC processes or review the current SOC processes • Validate the overall maturity of SOC processes • Define the future-state transformation plan for SOC processes
WP outcomes: • Efficient security operations allowing an attack to be quickly identified, quarantined and removed
Objective: RESPONSE; Timescale: 3 months
CD.2.b – Security Incident Management Process
Sub-domain: Security Incident Response & Remediation Management
WP description: • Define or review the current security incident management process and validate its overall maturity • Define an interim solution for the security incident management process if necessary, including support materials for delivery • Define the future-state transformation plan for the process
WP outcomes: • Robust service for managing security incidents
Objective: RESPONSE; Timescale: 3 months
CD.2.c – Crisis Management Process update
Sub-domain: Security Incident Response & Remediation Management
WP description: • Ensure security and privacy requirements are covered in the crisis management process, so that it can deal with serious, disruptive or catastrophic events impacting and harming the organization and its businesses
WP outcomes: • Robust service for managing security incidents
Objective: RESPONSE; Timescale: 2 months
CD.3.a – Threat Intelligence Platform development
Sub-domain: Threat Intelligence & Profiling
WP description: • Develop a threat intelligence platform supporting collection, validation, storage and automated use of threat intelligence: provide custom scripting flexibility and programming language options; allow automated enrichment via community feeds and sources; allow automated triage, including automated application of IOCs, scripts, customized signatures on endpoint IR tooling, etc.
WP outcomes: • Intelligence-led alerting and identification of security breaches
Objective: VISIBILITY, INTELLIGENCE; Timescale: 2 months
Strategy = Vision and Direction
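The blueprint slides and the CD.1.a and CD.3.a work packages above describe a SIEM that stores normalized events from IT, OT and physical sources, detects incidents through defined use cases, and consumes IOCs from a threat intelligence platform with automated enrichment and triage. The following Python is an added example of that pipeline on constructed input; it is not DXC's code and not part of the CRA blueprint. The event formats, field names, sample IP addresses (TEST-NET ranges), campaign labels and thresholds are all assumptions made for illustration.

```python
"""Toy SIEM use-case pipeline: normalize IT/OT/physical events into one schema,
enrich them from an IOC feed, and run detection use cases over the result.
Added example; the sample events and the IOC feed are constructed, not real."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional
import json


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass
class Event:
    """Common schema every source is mapped to before storage and detection."""
    ts: datetime
    source: str            # "it", "ot" or "physical"
    actor: str             # account, device or badge id
    src_ip: Optional[str]  # None for sources without a network origin
    action: str
    outcome: str           # "success" or "failure"
    iocs: list = field(default_factory=list)  # matched intelligence, set by enrich()


def normalize(source: str, raw: str) -> Event:
    """Map each source's native format (assumed formats) onto the common schema."""
    if source == "it":        # JSON lines from an authentication service
        d = json.loads(raw)
        return Event(parse_ts(d["ts"]), "it", d["user"], d["src"], "login", d["outcome"])
    if source == "ot":        # CSV from a historian gateway: ts,device,action,src,result
        ts, dev, act, src, res = raw.split(",")
        return Event(parse_ts(ts), "ot", dev, src, act, "success" if res == "ok" else "failure")
    if source == "physical":  # key=value line from a badge reader
        ts, *kv = raw.split()
        d = dict(p.split("=", 1) for p in kv)
        return Event(parse_ts(ts), "physical", d["badge"], None, f"door:{d['door']}",
                     "success" if d["result"] == "granted" else "failure")
    raise ValueError(f"unknown source {source!r}")


def enrich(event: Event, feed: dict) -> Event:
    """Attach IOC context when the event's source IP is in the TI feed."""
    if event.src_ip and event.src_ip in feed:
        event.iocs.append({"indicator": event.src_ip, **feed[event.src_ip]})
    return event


def brute_force_use_case(events, threshold=5, window=timedelta(minutes=5)):
    """Use case: >= threshold login failures for one account from one IP inside
    `window`, followed by a success from the same pair. Events must be time-ordered."""
    alerts, failures = [], defaultdict(list)
    for e in events:
        if e.source != "it" or e.action != "login":
            continue
        key = (e.actor, e.src_ip)
        recent = [t for t in failures[key] if e.ts - t <= window]  # drop stale failures
        if e.outcome == "failure":
            recent.append(e.ts)
        elif len(recent) >= threshold:
            alerts.append({"use_case": "brute_force_then_success", "actor": e.actor,
                           "src_ip": e.src_ip, "ts": e.ts, "severity": "high"})
            recent = []  # reset so one burst raises one alert
        failures[key] = recent
    return alerts


def ioc_hit_use_case(events, min_confidence=70):
    """Use case: intelligence-led alerting. Triage collapses repeated hits on the
    same (indicator, actor) pair into one alert and grades it by feed confidence."""
    hits = {}
    for e in events:
        for ioc in e.iocs:
            key = (ioc["indicator"], e.actor)
            if key not in hits:
                hits[key] = {"use_case": "ioc_match", "actor": e.actor, "src_ip": e.src_ip,
                             "first_seen": e.ts, "campaign": ioc["campaign"], "events": 0,
                             "severity": "high" if ioc["confidence"] >= min_confidence else "low"}
            hits[key]["events"] += 1
    return list(hits.values())


def run_pipeline(raw_events, feed):
    """Normalize -> enrich -> store time-ordered -> run the use cases."""
    events = sorted((enrich(normalize(s, r), feed) for s, r in raw_events), key=lambda e: e.ts)
    return events, brute_force_use_case(events) + ioc_hit_use_case(events)


# Constructed sample input: five failures then a success for "alice" from one IP,
# an unrelated IT login, an OT write and a badge event. None of this is real telemetry.
RAW_EVENTS = [("it", json.dumps({"ts": f"2018-11-14T08:00:{i:02d}Z", "user": "alice",
                                 "src": "203.0.113.7", "outcome": "failure"})) for i in range(5)]
RAW_EVENTS += [
    ("it", '{"ts":"2018-11-14T08:01:30Z","user":"alice","src":"203.0.113.7","outcome":"success"}'),
    ("it", '{"ts":"2018-11-14T08:02:00Z","user":"bob","src":"198.51.100.9","outcome":"success"}'),
    ("ot", "2018-11-14T08:05:00Z,plc-07,setpoint_write,192.0.2.44,ok"),
    ("physical", "2018-11-14T08:06:10Z badge=4412 door=DC-01 result=granted"),
]
IOC_FEED = {  # constructed: what a TI platform would hand to the SIEM
    "203.0.113.7": {"type": "ipv4", "campaign": "EXAMPLE-CAMPAIGN", "confidence": 85},
    "192.0.2.44": {"type": "ipv4", "campaign": "EXAMPLE-SCANNER", "confidence": 40},
}

if __name__ == "__main__":
    events, alerts = run_pipeline(RAW_EVENTS, IOC_FEED)
    print(f"{len(events)} normalized events, {len(alerts)} alerts")
    for a in alerts:
        print(a)
```

The separation matters in practice: the brute-force use case works entirely on normalized fields, so it keeps working when a new log source is added as long as `normalize()` maps it; the IOC use case depends on feed quality, which is why triage grades by confidence and collapses repeats rather than raising one high-severity alert per enriched event.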
For further information, please contact [email protected]