Cyber Security – New Frontier

February 24, 2015

Start Time: 9am US Pacific / 12 noon US Eastern / 5pm London Time


#ISSAWebConf

Welcome

Conference Moderator

Matthew Mosley

Director of Product Management, Symantec; NOVA Chapter, ISSA Web Conference Committee

Speaker Introduction

• Andrew Hay - Research Director at OpenDNS, IR & Forensic practitioner

• Candy Alexander - CISSP CISM, ISSA Int’l Director, Towerwall GRC Consultant

• Anne Rogers - CISSP, PMP, Principal Consultant, PMTech-Pro, LLC

• Remember to type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function.


Research Director at OpenDNS, IR & Forensic practitioner, Author, blogger, speaker

Andrew Hay

New Frontier, New Scale, New Threats

Agenda

Introduction

New Frontier, New Scale, New Threats

Conclusions

About Andrew Hay

• Research Director at OpenDNS

• Former industry analyst

• IR and forensic practitioner

• Author, blogger, speaker

• @andrewsmhay on Twitter

Introduction

• Examining one infected host is unlikely to allow for the diagnosis of a global bacterial or viral outbreak

• It takes the TESTING OF MULTIPLE PATIENTS with similar symptoms, environmental conditions, and other commonalities to determine whether the infection affects only one host or threatens the global community

• The same can be said for MALWARE


Image Source: http://commons.wikimedia.org/wiki/File:Ebola_virus_(2).jpg

Introduction

• Security analysts and incident responders often find themselves at a disadvantage
– Especially with regard to ATTRIBUTION for a particular infection

• Malware investigation is often limited to the systems owned by the individual or organization

• LIMITED VISIBILITY into the global community at large


Detection is hard, attribution is harder

• Detecting malicious activity on your network is hard

• Difficult to monitor ALL possible communication VECTORS and data transmission MEDIUMS

• More difficult still to determine ATTRIBUTION, MOTIVE, and EXTENT


Image Source: http://commons.wikimedia.org/wiki/File:Typhoid_carrier_polluting_food_-_a_poster.jpg

As the Internet gets bigger…

So too does the submerged portion of the SECURITY ICEBERG…

[Figure: Global ICT Developments, 2001-2014, per 100 inhabitants. Series: Individuals using the Internet; Active mobile-broadband subscriptions; Fixed (wired)-broadband subscriptions. Source: International Telecommunication Union (ITU)]

“The number of cars connected to the Internet worldwide will grow more than sixfold to 152 million in 2020 from 23 million in 2013.” – IHS Automotive

“The worldwide installed base of smart meters will grow from 313 million in 2013 to nearly 1.1 billion in 2022.” – Navigant Research

“Consumer Electronics M2M connections will top 7 billion in 2023, generating $700 billion in annual revenue.” – Machina Research

“More than two thirds of consumers plan to buy connected technology for their homes by 2019, and nearly half say the same for wearable technology.” – Acquity Group (Accenture Interactive)

source: http://www.forbes.com/sites/gilpress/2014/08/22/internet-of-things-by-the-numbers-market-estimates-and-forecasts/

As with TYPHOID MARY…

• The more cases (incidents) you have, the better suited you are to CONSTRUCT A TIMELINE of events

• At the VERY LEAST you should be able to MAKE MORE INFORMED DECISIONS


New Frontier, New Scale, New Threats

Let’s Take A Look At GAMEOVER ZEUS (GOZ)

• Peer-to-peer (P2P) variant of the Zeus family of BANK CREDENTIAL-STEALING MALWARE

• Uses a DECENTRALIZED NETWORK INFRASTRUCTURE of compromised personal computers and web servers to execute C2


Let’s Take A Look At GAMEOVER ZEUS (GOZ)

• GOZ has been observed…
– To make large FRAUDULENT TRANSFERS after targeting Automated Clearing House (ACH) accounts
– To distribute other malware packages, such as CRYPTOLOCKER
– Utilizing DOMAIN GENERATION ALGORITHMS (DGAS)
  • Variant 1: 1,000 domains per day
  • Variant 2: 10,000 domains per day


whzacjvoccxr2kbpda1w330bz.biz

z8ty6c1qh6kbs1u6pbix1t610x.net

q9ym0ricof9i1j4cyxorli11b.com
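
A defender-side illustration of why names like the three above stand out in DNS telemetry, and of the "test multiple patients" idea from the introduction. This is an added example, not code from the presentation: the log format, thresholds, client addresses and benign names are assumptions constructed for the sketch, and only the three flagged domains come from the slide.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log, one "<timestamp> <client_ip> <qname>" per line.
# Timestamps, client IPs and benign names are made up for this example;
# the three random-looking names are the GOZ samples shown on the slide.
SAMPLE_LOG = """\
2015-02-24T09:00:01Z 10.0.0.11 www.example.com
2015-02-24T09:00:02Z 10.0.0.12 whzacjvoccxr2kbpda1w330bz.biz
2015-02-24T09:00:03Z 10.0.0.12 z8ty6c1qh6kbs1u6pbix1t610x.net
2015-02-24T09:00:04Z 10.0.0.13 mail.example.org
2015-02-24T09:00:05Z 10.0.0.14 q9ym0ricof9i1j4cyxorli11b.com
2015-02-24T09:00:06Z 10.0.0.14 whzacjvoccxr2kbpda1w330bz.biz
2015-02-24T09:00:07Z 10.0.0.11 internationaltelecommunicationunion.example
"""


def shannon_entropy(s):
    """Bits per character of the label's character distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname):
    """Label directly left of the TLD (naive: ignores suffixes such as co.uk)."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(qname, min_len=20, min_entropy=3.5, min_digit_ratio=0.1):
    """Heuristic: long label, digits mixed in, near-uniform character use.

    The thresholds are assumptions tuned to the sample above, not published
    values; a long dictionary-word label fails the digit-ratio test.
    """
    label = registrable_label(qname)
    if len(label) < min_len:
        return False
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return digit_ratio >= min_digit_ratio and shannon_entropy(label) >= min_entropy


def flagged_by_client(log_text):
    """Map each client to the sorted DGA-looking names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        _, client, qname = fields
        if looks_generated(qname):
            hits[client].add(qname.lower())
    return {client: sorted(names) for client, names in hits.items()}


def shared_domains(log_text):
    """Flagged names queried by more than one client (co-occurrence across hosts)."""
    clients = defaultdict(set)
    for client, names in flagged_by_client(log_text).items():
        for name in names:
            clients[name].add(client)
    return {n: sorted(c) for n, c in clients.items() if len(c) > 1}


if __name__ == "__main__":
    print(flagged_by_client(SAMPLE_LOG))
    print(shared_domains(SAMPLE_LOG))
```

A single host resolving one odd name says little; the same flagged name appearing across several clients is the multi-patient signal the talk argues for.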

The co-occurrences and relationships of a NEW GOZ infrastructure

Summary

• The Internet is getting bigger
– As are the types and variety of devices
– AND the organization’s exposed attack surface area

• Security has to move with you and your devices
– “Always-on security” is no longer a marketing buzzword

• The threats are getting more massively distributed
– AND harder to discern from legitimate sites


Andrew Hay, Research Director

Question and Answer

Andrew Hay

Research Director at OpenDNS

IR & forensic practitioner

Author, blogger, speaker

Thank you!

Andrew Hay, Research Director at OpenDNS

@andrewsmhay on Twitter

Cyber Security – New Frontier

The New Frontier or a Repeat of the past?

Candy Alexander, CISSP CISM

ISSA Int’l Director

Towerwall GRC Consultant


Points of discussion

• Looking back in order to move forward

• Why so many different opinions?

• Cyber Security or Information Security?

• Where are we, anyway?

• “To infinity and beyond”


Looking back in order to move forward

• Our profession is based on a reaction to events in our environment

• Originally, security staff came from 3 sources
– IT
  • Reaction to something gone wrong, i.e. unauthorized access, patches or mis-configs
  • Paternal instinct
– Law Enforcement:
  • Reports of fraudulent actions
  • Child abductions and worse
– Military
  • Well, we are only left to imagine


Development of the Cyber Security Role

Somebody is trying to get in – stop them

Somebody got in – find out what they did

How do we stop somebody from getting in?

Why so many different opinions?

• So many of us came from different environments and reactions to threats and our role in the reaction:
– Network security engineers:
  • stop ’em at the border with firewalls, then with intrusion prevention/detection
– Security architects:
  • locking down systems and building the defense in layers within the environments
– Security analysis:
  • manage the implementation projects, patch management, reporting vulnerabilities found, regulations brought new responsibilities
– Security Forensics…
– And so on…


Cyber Security or Information Security

• Many are still asking and many still have differences of opinion.
– Information Security
– IT Security
– Information Assurance

• Reflection of where we are
– Information security is the protection of information in all forms; intellectual, hardcopy, softcopy/electronic
– Cyber Security is the protection of information in the cyber “space”
– IT Security (same as cybersecurity but sounds cooler)


Where are we, anyway?

• We are at the crossroads
– Trail blaze - or – look at the map?

• Looking at what we have:
– Intellectual & hardcopy information
– Softcopy/electronic information
– Internet of Things (there I said it)
– Fairly well defined types of roles/job titles
– Laws, regulations and industry mandates

• What is changing
– Technology at lightning speed
– Motives; not so much
– Methods; not so much (access/credentials !!)


Take control of our destiny – To infinity and Beyond!

As a profession
– International Consortium for Cyber Security Education and Professional Development
  • Commonality of jobs, titles, responsibilities
– ISSA’s Cyber Security Career Lifecycle
  • Knowledge, Skills and APTITUDES
  • Career “mapping” rather than training map
– Encourage the “missing generation” to join us
  • Higher Education
  • Goodwill Hunting
  • Career cross-overs
– Educate legislators, business leaders, mom & dad, consumers and children.


Take control of your destiny – To infinity and Beyond!

• As a professional
– Cyber Security Career Lifecycle
– Understand where you currently are in your career
– Self assessment of your KSAs
– Examine the “gap” of KSA
– Resources
  • Knowledge - latest threats, tools, mentoring
  • Training - formal training, chapter training, webinars
  • Networking - peer knowledge sharing and community

• Like Lowe’s tagline “Never stop improving”


The New Frontier – The Changing Face of Security

• Technology changes, why shouldn’t we?
– Back to our roots as innovators but remembering the basics
  • Passwords
– Need to think outside the box
  • Tech progresses, but our approach to protect doesn’t or is slow…

• Unification based on Trust
– Us vs. “them”
– Need to act and work as a community
– Share knowledge
– Communicate


If we don’t adapt, we will always lag behind.

Question and Answer

Candy Alexander, CISSP CISM

ISSA Int’l Director, Towerwall GRC Consultant

Thank you!

Candy Alexander, CISSP CISM

ISSA Int’l Director, Towerwall GRC Consultant

Cyber Security - New Frontier

Getting Worse?…So what should we do Now?

Anne Rogers CISSP, PMP

Principal Consultant

PMTech-Pro, LLC

Pat Myers

Cyber Security - New Frontier

• Introduction

• The Evolving “Ecosystem”

• Redefining “Us” vs. “Them”

• A Different Focus and Approach

• Strategic Goals

• Survival Tactics


Cyber Security – Speaker Introduction

• Information Management and Security Consultant: Healthcare, O&G, Utilities, etc.

• Former
– Director, Information Safeguards for Waste Management (WM), and
– Director, WM’s ASCLD-Certified Forensic Lab supporting Investigations & eDiscovery

• Currently
– Director on the ISSA International Board
– Director on the Houston InfraGard Chapter Board

• Speaker, Contributing Author (ABA),


Cyber Security – Evolving EcoSystem

• Clearly, Adversaries & Threats have “Evolved”

– Organized Industry for Malware, Crime, Theft and Destruction, with many “for hire” services

– More sophisticated, stealthy and evasive, morphing “bad stuff” each month

– Our Opponents: Hackers, Criminals, “Ideologues”, and Nation States (including our own)

– Still Too Hard to Quantify the Value of Your Information?
  • It’s happening on the “back end” of the theft processes


Cyber Security – “Us” or “Them”?

• Partners, Colleagues, Others – Who is “Friend or Foe?”

– Blurred boundaries, interconnections, shifting roles and relationships (competitor, JV partner, M&A target, etc.)

– Highly connected, technology-oriented workforces and customers (“Shifting Expectations”)

– Vast Computing power in hands of “Users”

– And…Humans are still the “click-oriented” weak points


Cyber Security – Now a News “Buzz Word”

• We all swim in the same “polluted” network waters
– Maybe we’re “targeted”, or
– Maybe we’re just a “drive by”, convenient victim, but…
– Electronic “immune systems” being stressed to break points

• Bigger, more troubling breaches, thefts, destructive incidents revealed each month

• And still… the headlong rush to connect everything

• Cyber Security – Getting Great Attention from Media, Industries, and Governments, Regulators


Cyber Security – More Directives Coming

“Somebody do something!... (There ‘oughta’ be a law!)”

• Federal, State, International, Contractual Initiatives - on the Horizon

– More Compliance pressures -> avoid penalties and lawsuits

– True Security concerns -> avoid serious losses and breaches

– More Challenges
  • Conflicting requirements – unintended consequences
  • Balancing Security priorities and Business priorities
  • Understanding/Managing Risk Exposures
  • Cost - Benefit tradeoff decisions

– Is our defensive, reactive approach working?


Try A Different Focus and Approach

STOP! Think like Strategists vs. “Techno-Defenders”

– Define Strategic Goals and Objectives, then tackle your
  • Strategy and Plans
  • Tactics
  • Tools

– “Sanity check” your Strategic Goals?
  • “Lofty Goals” are great, but often unattainable/too costly
  • Realistic, Pragmatic Goals: Actionable and Achievable


Strategic Goals

Try this definition on for size:

– A Realistic Strategic Goal is:
  • What you are willing to settle for
    – Under this set of circumstances,
    – Against these particular opponents/obstacles,
    – Within this specified time period, and
    – At this acceptable level of cost

– If you cannot articulate a Goal in terms like these, it will be tough to define an effective strategy, plans and tactics.


Strategic Goals

– We are being attacked and we will be “infected” (Where, When, How…not “if”…)

– What are your Realistic Goals for:
  • Protecting high value assets
  • Detecting threats-blocking intrusions
  • Responding:
    – Controlling Damage
    – Cleanup – Analysis,
    – Future Prevention (what’s learned from incidents, for future “immunity” or faster “mitigation response”, etc.)


Strategic Goals Survival Tactics

– Can’t protect everything, everywhere, all of the time?
– Set Strategic Goal & Focus Plans/Tactics on the goal

Example: Prevent unauthorized access to or any data exfiltration from a designated group of servers and databases in location X.

Given this goal, lay out strategy, plans, tactics and tools needed to achieve this goal.

Identify key actions, processes and tools to implement the plan.


Strategic Goals Survival Tactics

Example - Plan & Tactic: Apply Context-based security for the designated environment

– Control who can go to where, from where, when, and doing what
– Rethink “network Zones” approach – track both in and out
– Limit movement of Valuable data (to where and from where)
– Identify the data’s value and the amount to spend on securing it

Side Note: Valuation of designated Information “no longer optional” (If you don’t do this, the thieves will… after they steal it.)


Strategic Goals Survival Tactics

Example - Plan & Tactics:

– Greatly Improve “Friend or Foe” determination

– Use Strong, multifactor authentication (MFA) for access to valuable data, controls, and high risk activities

– Keep MFA Controls and Authenticators out of band, off platform
  • Smartcards, phone calls and pins, etc.
  • Not where high value information resides

– Audit, Instrument, Analyze
  • Who does what from where and when
  • Define triggers for automated alerts and blocking

– Use “Default Deny” for high value info and high risk activities
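
The two Plan & Tactics slides above (context-based access, MFA for high-value data, audit with alert triggers, default deny) can be read as one policy check. The following is an added sketch, not material from the presentation: the resource name `db-x`, roles, network range, hours and alert threshold are all hypothetical values chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    role: str              # who
    resource: str          # to where
    source_net: str        # from where (CIDR)
    start: time            # when, inclusive
    end: time              # when, exclusive
    actions: frozenset     # doing what
    require_mfa: bool = True


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    source_ip: str
    at: time
    action: str
    mfa_verified: bool     # result of an out-of-band MFA check done elsewhere


# Hypothetical policy for a designated high-value database group "db-x".
POLICY = [
    Rule("dba", "db-x", "10.20.0.0/24", time(8), time(18), frozenset({"read", "write"})),
    Rule("analyst", "db-x", "10.20.0.0/24", time(8), time(18), frozenset({"read"})),
]


def evaluate(req, policy=POLICY):
    """Return (decision, reason); anything not explicitly allowed is denied."""
    for rule in policy:
        if (rule.role == req.role
                and rule.resource == req.resource
                and ip_address(req.source_ip) in ip_network(rule.source_net)
                and rule.start <= req.at < rule.end
                and req.action in rule.actions):
            if rule.require_mfa and not req.mfa_verified:
                return ("deny", "mfa-required")
            return ("allow", "rule-match")
    return ("deny", "default-deny")


def audit(requests, policy=POLICY, alert_threshold=2):
    """Record who did what from where, and alert on repeated denials per user."""
    trail, denials = [], Counter()
    for req in requests:
        decision, reason = evaluate(req, policy)
        trail.append((req.user, req.resource, req.source_ip, req.action, decision, reason))
        if decision == "deny":
            denials[req.user] += 1
    alerts = sorted(user for user, n in denials.items() if n >= alert_threshold)
    return trail, alerts


# Constructed requests covering each outcome.
SAMPLE_REQUESTS = [
    Request("alice", "dba", "db-x", "10.20.0.5", time(9, 30), "write", True),
    Request("bob", "analyst", "db-x", "10.20.0.9", time(10, 0), "write", True),
    Request("bob", "analyst", "db-x", "192.0.2.44", time(23, 15), "read", True),
    Request("carol", "dba", "db-x", "10.20.0.7", time(11, 0), "read", False),
]

if __name__ == "__main__":
    trail, alerts = audit(SAMPLE_REQUESTS)
    for entry in trail:
        print(entry)
    print("alert on:", alerts)
```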


Cyber Security Survival Tactics

– Assess, Know, Prepare

– Basic hygiene is not optional (expected base level security)

– Detection and Response - Remediation capabilities are key

– Requires Risk-based thinking on many fronts

– Rethink your assumptions and understand:
  • What you know and what you don’t know
  • What you can do with what you have
  • Look for Synergies – how and where to build the best synergistic improvements to your overall security posture


Survival Tactics - Rule of the Road

– Focus on your most valuable systems and information

– Identify what you must know to effectively apply controls

– Look for/use tools and features you may already have

– Fill security and control gaps with Strategic goal in mind

– Measure progress in terms of movement toward the Strategic Goals


Question and Answer

Anne Rogers

CISSP, PMP Principal Consultant

PMTech-Pro, LLC

Thank you!

Anne Rogers, CISSP, PMP

Principal Consultant, PMTech-Pro, LLC

• Andrew Hay, Research Director at OpenDNS, IR & forensic practitioner

• Candy Alexander, CISSP, CISM, GRC Security Consultant/Virtual CISO at Towerwall, Inc.

• Anne Rogers, CISSP, PMP, Principal Consultant, PMTech-Pro, LLC


Open Panel with Audience Q&A

I would like to thank Andrew, Candy and Anne for lending their time and expertise to this ISSA Educational Program. Thank you to OpenDNS for sponsoring this webinar.

Thank you Citrix for donating the Webcast service.


Closing Remarks

• Within 24 hours of the conclusion of this webcast, you will receive a link via email to a post Web Conference quiz.

• After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits.

• On-Demand Viewers Quiz Link information: http://www.surveygizmo.com/s3/2021914/ISSA-Web-Conference-Feb-24-2015-Cyber-Security-New-Frontier


CPE Credit