TFO & Incident centered security management - Department of ...

Incident-Centered Security Management
CSI 2010/11 Survey: 41% of respondents had significant security incidents
Introduction
CIS 8080
Security and Privacy of Information and Information
Systems
Richard Baskerville
LEFT OF
BANG
t
RIGHT OF
BANG
Georgia State
University
Prof. Merrill Warkentin of Mississippi
State University recognized the conceptual
value of this IED management approach
for general security management.
1
2
Modes of Protection
Different Action Paradigms
Prevention
Response
Risk
Management
Forensics
and
Incident
Response
t
t
3
4

Model Assumptions
Logical Structure of Models
5
6
Organizing Principles
Interaction of Left & Right Paradigms
Left of Incident
Right of Incident
Indications &
Warnings
Prevent
Refine
Information System
Resource
Contain, Recover, Harden
Threat
Incident
Detect
Respond
Deter
Legislate &
Policy Setting
Investigate, Notify,
Sue, Prosecute,
Retaliate
Adapted from Denning, D. E. (1999). Information Warfare and
Security. Reading Mass: Addison-Wesley.
7
8

Incidents
Theory of Secure Information
Systems
Prevention
t
Recovery
Hoffman, L., Michelman, E., and Clements, D. "SECURATE - Security evaluation and analysis
using fuzzy metrics," in: AFIPS National Computer Conference Proceedings, 1978, pp. 531-
540.
The natural relationship involves the association of potential
intrusion activities associated with each member of the set of
system objects. These threat-object relations defined a set of
edges T i O j that manifest the components of insecurity or risk
in systems.
T 1
T 2
O 1
O 2
T 3
O 3
T 4
O m
T n
T
O
9
10
Theory of Secure Information
Systems
The relationship between a set of system objects (each with a
loss value), a set of threats (each with a likelihood), and a set
of system security features (each with a resistance). In a
protected system, all edges are instead prescribed in the form
T i F k and F k O j that represents the insertion of security features
between threats and system objects.
Security Objects
T 1
T 2
F 1
F 2
T 3
F 3
T 4
T n
O 1
O 2
O 3
F l
O m
T F O
11
12

Types of Security Objects
PPhysical Assets
< Computers and communications machinery
< Attack with physical assaults
PSoft Assets
< Protocols and software
< Attack with cracking and malicious code
PPsychic Assets
< Perceptions and information
< Attack with data falsification
Security Threats
13
14
Security Breaches
CSI 2010/2011 Computer Crime and Security Survey
P Malware Infection: 67%
P Misrepresented by phishing: 39%
P Laptop/mobile theft: 34%
P Bots or zombies inside the organization: 29%
P Insider abuse of internet (porno, pirate, abusive email):
25%
P Denial of service attacks: 17%
P Insider unauthorized access to info: 13%
P Password sniffing: 12%
P Outsider system penetration: 11%
Impacts
CSI 2010/2011 Computer Crime and Security Survey
P Compromise of personal identifiable info 16%
P Theft of proprietary information: 10%
P Financial fraud: 9%
P Targeted attacks: 45.2%
P Concern for insider & fraud giving way to “targeted
attacks”
< Advanced Persistent Threats
< Attack 2.0
15
16

Data Breach Victims
2013 Verizon Data Breach Investigation Report
Data Breach Perpetrators
2013 Verizon Data Breach Investigation Report
17
18
Breaching Techniques
2013 Verizon Data Breach Investigation Report
Data Breach Commonalities
2013 Verizon Data Breach Investigation Report
19
20

Security Features
Security Features
International
Treaties
Standards
Laws
Institutions
Security
Policies &
Organizations
Practices &
Safeguards
CobiT
ISO 27001
ISO 27002
21
22
Regulatory Compliance Improves Security
Double-Edged Complexity
T 1
T 2
O 1
O 2
T 3
O 3
T 4
O m
T n
T
O
Applicable regulations from:
2010/2011 CSI Computer
Security Survey
T 1
T 2
F 1
F 2
T 3
F 3
T 4
T n
O 1
O 2
O 3
F l
O m
T F O
23
24

Introduction
CIS 8080
Security and Privacy of Information and Information
Systems
Richard Baskerville
Georgia State
University
25
26