ICION 2016 - Cyber Security Governance
www.icion-leadership.com
ICION 4th Annual Conference | Charles Lim, Msc., ECSA, ECSP, ECIH, CEH, CEI
Agenda
• About Honeynet
• Why Cyber Security Governance?
• Cyber Security Framework
• Framework Core
• Framework Profile
• Implementation Tiers
• Conclusion
About Honeynet
• Volunteer open source computer security research organization since 1999 (US 501c3 non-profit)
• Mission: “learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned” - http://www.honeynet.org
• Share all of our tools, research and findings, at no cost to the public – “Know Your Tools” (KYT)
• “Know Your Enemy” (KYE) white papers regularly published on current research topics
• Members release regular activity status reports
• Committed to open source and creative commons
• Partially funded by sponsors, nothing to sell!
About Indonesia Honeynet Project
• 15 passionate security professionals, academicians and government officials met and signed a petition on 25 November 2011
• Indonesia Chapter officially recognized 9 January 2012
• Current members: 130 (20 active members)
• Yearly Seminar and Workshop since 2012
• Focus on Security Awareness and Security Research
• Honeynet communities: Jakarta, Semarang, Surabaya, Yogya, Denpasar, Palembang, Lampung
• Research Topics: Incident Handling, Vulnerability Analysis, Malware, Digital Forensics, Penetration Testing, Threat Intelligence
Honeypots Research & Deployment
• 2009: Learning Period
– Honeypot: Nepenthes
– Learning how to install and configure
– # Honeypots deployed: None
– Hardware: Client
• 2011: Early Period
– Honeypot: Nepenthes, Dionaea
– Deployed 1st Honeypot in SGU
– # Honeypots deployed: 1
– Hardware: Simple Client and Server
• 2013: Growing Period
– Honeypot: Dionaea
– Target: Academic, Government, ISP
– # Honeypots deployed: 5
– Hardware: Mini PC and Server
• 2015: Expanding Period
– Honeypot: Dionaea, Kippo, Glastopf, Honeytrap
– Coverage: Java, Bali, Sumatera
– # Honeypots deployed: 17
– Hardware: Raspberry Pi and Dedicated servers
Join Us
• Indonesia Honeynet Project
• idhoneynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet
Why Cyber Security Governance?
• We live in an interconnected world
• Constant security threats to individuals, organizations, or countries
• Businesses continue to evolve to stay ahead
• Governing these threats to our organizations is critical to survivability
Governance
Reference: http://www.mondaq.com/x/249550/Data+Protection+Privacy/Information+Security+Governance
Why Framework?
• Example: COBIT Framework
• Framework for the governance and management of enterprise IT
“a framework is a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful.”
Reference: http://whatis.techtarget.com/definition/framework
Benefits
• From chaos to order and organization
• Manageable practice
• From tools / mechanisms → architecture / policy → strategy / governance
Cyber Security Framework
• Framework for Improving Critical Infrastructure Cybersecurity, version 1.0, the National Institute of Standards and Technology (NIST), February 12, 2014.
– A response to the President’s Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” on February 12, 2013.
• Critical infrastructure: “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
• A voluntary risk-based Cybersecurity Framework
– a set of industry standards and best practices to help organizations manage cybersecurity risks
• The Framework is technology neutral
NIST Cyber Security Framework
• Three parts:
– The Framework Core
– The Framework Profile
– The Framework Implementation Tiers
• Framework Core
– A set of activities, outcomes, and informative references
– Providing the detailed guidance for developing individual organizational Profiles
Framework Core
• Five concurrent and continuous Functions
– Identify
– Protect
– Detect
– Respond
– Recover
• (Altogether) the functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.
Functions and Categories
• Functions organize basic cybersecurity activities at their highest level.
• Categories are the subdivisions of a Function into groups of cybersecurity outcomes closely tied to programmatic needs and particular activities.
– Example Categories: “Asset Management,” “Access Control,” “Detection Processes.”
Framework Profile
• Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories
• Aligning standards, guidelines, and practices to the Framework Core in a particular implementation scenario
• “Current” profile → “Target” profile
• Comparison of Profiles may reveal gaps to be addressed to meet cybersecurity risk management objectives.
• The Framework document does not prescribe Profile templates, allowing for flexibility in implementation.
• Example profiles can be found: http://www.nist.gov/itl/upload/discussion-draft_illustrative-examples-082813.pdf
Example Profiles for Threat Mitigation:
1. Mitigating intrusions
2. Mitigating malware
3. Mitigating insider threats
Implementation Tiers
• Describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework.
• Characterize an organization’s practices over a range, from Partial (Tier 1) to Adaptive (Tier 4)
• Partial: risks are managed in an ad hoc manner
• Risk Informed: Risk management practices are approved by management but may not be established as organizational-wide policy.
• Repeatable: Risk management practices are formally approved and expressed as policy.
• Adaptive: The organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities.
– Reflect a progression from informal, reactive responses to approaches that are agile and risk-informed.
Challenges
• Governance begins at the top of the organization → Executives need to lead
• Managing Cyber Security Challenges → Managing Risk continuously
• Evolving Risks → Evolving Challenges
Thank you