icion 2016 - cyber security governance

Cyber Security Governance | www.icion-leadership.com | ICION 4th Annual Conference | Charles Lim, Msc., ECSA, ECSP, ECIH, CEH, CEI

Upload: charles-lim

Post on 23-Jan-2018


Cyber Security Governance

www.icion-leadership.com

ICION 4th Annual Conference | Charles Lim, Msc., ECSA, ECSP, ECIH, CEH, CEI

Agenda

• About Honeynet

• Why Cyber Security Governance?

• Cyber Security Framework

• Framework Core

• Framework Profile

• Implementation Tiers

• Framework Profile

• Conclusion

About Honeynet

• Volunteer open source computer security research organization since 1999 (US 501c3 non-profit)

• Mission: “learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned” - http://www.honeynet.org

About Honeynet

• Share all of our tools, research and findings, at no cost to the public – “Know Your Tools” (KYT)

• “Know Your Enemy” (KYE) white papers regularly published on current research topics

• Members release regular activity status reports

• Committed to open source and creative commons

• Partially funded by sponsors, nothing to sell!

About Honeynet

Honeynet Project Workshop | 18-20 May 2015 | Stavanger, Norway

About Honeynet

CONPOT 0.5.0 Release | 13 November 2015

About Honeynet

55 Chapters and 37 Countries

About Indonesia Honeynet Project

• 15 passionate security professionals, academicians and government officials met and signed a petition on 25 November 2011

• Indonesia Chapter officially recognized 9 January 2012

• Current members: 130 (20 active members)

About Indonesia Honeynet Project

• Yearly Seminar and Workshop since 2012

• Focus on Security Awareness and Security Research

• Honeynet communities: Jakarta, Semarang, Surabaya, Yogya, Denpasar, Palembang, Lampung

• Research Topics: Incident Handling, Vulnerability Analysis, Malware, Digital Forensics, Penetration Testing, Threat Intelligence

About Indonesia Honeynet Project

Honeynet Seminar & Workshop | 10-11 June 2015 | Lampung, Indonesia

Honeypots Research & Deployment

• 2009: Learning Period

– Honeypot: Nepenthes

– Learning how to install and configure

– # Honeypots deployed: None

– Hardware: Client

• 2011: Early Period

– Honeypot: Nepenthes, Dionaea

– Deployed 1st Honeypot in SGU

– # Honeypots deployed: 1

– Hardware: Simple Client and Server

• 2013: Growing Period

– Honeypot: Dionaea

– Target: Academic, Government, ISP

– # Honeypots deployed: 5

– Hardware: Mini PC and Server

• 2015: Expanding Period

– Honeypot: Dionaea, Kippo, Glastopf, Honeytrap

– Coverage: Java, Bali, Sumatera,

– # Honeypots deployed: 17

– Hardware: Raspberry Pi and Dedicated servers

Our Contribution

http://public.honeynet.id

Our Contribution

Attacker Statistics: Attacker IP, Malware, Targeted Ports, Provinces attacked


Other Research

Second Hand USB Forensics and Publications

Join Us

• Indonesia Honeynet Project

• idhoneynet

• http://www.honeynet.or.id

• http://groups.google.com/group/id-honeynet

Why Cyber Security Governance?

• We live in an interconnected world

• Constant security threats to individuals, organizations, or countries

• Businesses continue to evolve to stay ahead

• Governing these threats to our organizations is critical to survivability

Governance

Reference: http://www.mondaq.com/x/249550/Data+Protection+Privacy/Information+Security+Governance

Why Framework?

• Example: COBIT Framework

• Framework for the governance and management of enterprise IT

“a framework is a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful.”

Reference: http://whatis.techtarget.com/definition/framework

COBIT Framework

Benefits

• From chaos to order and organization

• Manageable practice

• From tools / mechanisms to architecture / policy to strategy / governance

Cyber Security Framework

• Framework for Improving Critical Infrastructure Cybersecurity, version 1.0, the National Institute of Standards and Technology (NIST), February 12, 2014.

– A response to the President’s Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” on February 12, 2013.

• Critical infrastructure: “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

• a voluntary risk-based Cybersecurity Framework

– a set of industry standards and best practices to help organizations manage cybersecurity risks

• The Framework is technology neutral

Risk Management

NIST Cyber Security Framework

• Three parts:

– The Framework Core

– The Framework Profile

– The Framework Implementation Tiers

• Framework Core

– A set of activities, outcomes, and informative references

– Providing the detailed guidance for developing individual organizational Profiles

Framework Core

• Five concurrent and continuous Functions

– Identify

– Protect

– Detect

– Respond

– Recover

• (Altogether) the functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

Cyber Security Framework

Incident Management

Functions and Categories

• Functions organize basic cybersecurity activities at their highest level.

• Categories are the subdivisions of a Function into groups of cybersecurity outcomes closely tied to programmatic needs and particular activities.

– Example Categories: “Asset Management,” “Access Control,” “Detection Processes.”

Framework Profile

• Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories

• Aligning standards, guidelines, and practices to the Framework Core in a particular implementation scenario

• “Current” profile, “Target” profile

• Comparison of Profiles may reveal gaps to be addressed to meet cybersecurity risk management objectives.

Framework Profile

• The Framework document does not prescribe Profile templates, allowing for flexibility in implementation.

• Example profiles can be found: http://www.nist.gov/itl/upload/discussion-draft_illustrative-examples-082813.pdf

Example Profiles for Threat Mitigation:

1. Mitigating intrusions

2. Mitigating malware

3. Mitigating insider threats

Coordination of Framework Implementation

Implementation Tiers

• Describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework.

• Characterize an organization’s practices over a range, from Partial (Tier 1) to Adaptive (Tier 4)

• Partial: Risks are managed in an ad hoc manner.

• Risk Informed: Risk management practices are approved by management but may not be established as organization-wide policy.

• Repeatable: Risk management practices are formally approved and expressed as policy.

• Adaptive: The organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities.

– Reflect a progression from informal, reactive responses to approaches that are agile and risk-informed.


Challenges

• Governance begins at the top of the organization: executives need to lead

• Managing cyber security challenges means managing risk continuously

• Evolving risks bring evolving challenges

Thank you

• Support the first CISSP class training on 25 to 29 April 2016 in Jakarta: www.indo-infosec.com

• Our ANNUAL ICION EVENT IN BALI

• www.icion-leadership.com

• Watch our last CISSP COMMUNITY VIDEO EVENT IN PONDOK INDAH

• https://www.youtube.com/watch?v=fqUjXIlCcfM