PRESENTATION TITLE: Compliance Management in banking - TSIEM
PRESENTER'S NAME: Nina Ugrinoska
Agenda
• Problems and initiative
• Information security - regulation or necessity
• Preparation, risk analysis, product selection
• TSIEM (Tivoli Security Information and Event Management)
• Defining processes, privileges and responsibilities
• What to cover, what results to expect, and alerting
• Implementation, testing and consolidation
• Operation, development and improvement of the system, reporting
• Summary: Are we sure that we are now SECURE?
• Q & A
Problems and initiative: Awareness
- How would you stop the flood?
Communication is vital
- Hi, I came to ask you about the M procedure.
- M procedure?!
- Yes. The procedure you wrote about M.
- Oh, that M procedure. Yes, there is an M procedure.
- Can I take a look at it?
- Yes, it is on the public file server.
- Could you please give me some details? Number, name, folder?
- Oh, wait... it is here somewhere...
  no... maybe here... ...
  Hey guys, who wrote the M procedure?
  Maybe Nick... Where is Nick?
- Never mind, sorry to bother you, bye.
Problems and initiative
• Transformation of the organization
  - Business processes
  - Corporate culture (international and multicultural)
• Myths about IS
  - It is too expensive! (Can we afford it?)
  - IS = IT security
  - Many security problems can't be solved with technology.
  - It happens to somebody else.
  - "More than 30% of those polled by the National Cyber Security Alliance (NCSA) think they'll take a bolt of lightning through the chest before they see their computers violated in an Internet attack."
  - "I've got a brand new $10,000 firewall system. I'M SAFE!"
  - 90% of security breaches are the result of bad configuration
  - 70% of security breaches may come from inside
  - Common sense, not rocket science!
  - Cool! I wrote it, so everybody knows it!
  - If they sign the policy when they get hired, they will remember it forever.
  - Employees think about the information security policy before they go to sleep.
Problems and initiative
2010 Top Security Threats
1. Cyber/Communication Security: Internet/Intranet Security
2. Workplace Violence Prevention/Response
3. Business Continuity Planning/Organizational Flexibility
4. Employee Selection/Screening
5. Unethical Business Conduct
6. Crisis Management and Response: Political Unrest/Regional Instability/National Disasters
7. Property Crime
8. General Employee Theft
9. Travel Security
10. Fraud/White-Collar Crime
Information security – regulation or necessity
"Information is the result of processing, manipulating and organizing data in a way that adds to the knowledge of the person receiving it."
"The security of a system is the extent of protection against some unwanted occurrence such as the invasion of privacy, theft, and the corruption of information or physical damage."
"The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional."
"Protection of information for confidentiality, integrity and availability."
"4 P's" of security: People, Policy, Process and Product.
Compliance with mandatory legislation and accepted standards
Risk mitigation
ROI
Business damage
Ensure BC&DR
Information security – regulation or necessity
There is risk in any use of an information system.
Every manager developing or using an IS should understand the risks, and the steps involved in risk aversion, in order to confront them.
News and magazines are full of stories about hackers and viruses, but there is little or no detail about companies suffering from the attacks or about profit losses caused by IS breakdowns.
The term "information security" means different things to different people. For vendors security is a product; for many organizations it is something the IT manager must take care of; for most users it means involuntary limits on what they can do with corporate computers. All of these views are dangerously narrow.
Information is the heart of the modern economy. The confidentiality, integrity and availability of this information are fundamental to any organization's survival in the market.
We cannot predict when, where, what, how and for how long we will be attacked, but when it happens we must be ready and willing to defend against the attack.
Information security – regulation or necessity
ADVICE
Draw on the right expertise to understand the security threats you face and your legal responsibilities.
Integrate security into normal business practice, through a clear security policy and staff education.
Invest appropriately in security controls (to mitigate risks), or in insurance (to transfer them).
Check your key security defences (such as operating system patches, disaster recovery plans, etc.) are robust and up to date.
Respond to security incidents efficiently and effectively, to minimise business disruption.
Information security – regulation or necessity
No information system is immune to cyber criminals.
Each and every organisation will experience one or more disruptions, misuses or attacks.
Disasters can and will happen. Discontinuity is not an option in doing business. Recovery is always costly and takes time, and there is always the possibility of permanent data loss.
Theft or loss of business plans, client data, contracts, intellectual property, project designs and industrial technology may cause long-term financial damage to the organization.
Misuse of information system resources has a direct financial impact.
Privacy can be compromised, and the company would then be subject to legal measures.
Reputation can be destroyed. Organizations that are unable to protect the privacy of staff and client information will suffer penalties and pay fines. Partner relations will be damaged, and the brand and public image will be shaken.
The question is not whether we can afford our defence; it is whether we can afford not to defend against information security threats.
There is no security without a business requirement.
Better safe than sorry!
Information security – regulation or necessity
SUMMARY
Incidents
Risks
Privileged users
Heterogeneous structure
Forensic and management requirements
Audit reports
Supervisory reports for the Central Bank
Central Bank regulation
Other regulatory bodies
Preparation, risk analysis, product selection
• Risk analysis (risk assessment) – the basis for implementing security
• Risk management and risk treatment
• Implementation of controls
• Risk acceptance
• Transfer of risk to other parties
Preparation, risk analysis, product selection
• Project team – Information Security Officer, Risk Officer, Compliance Officer, IT Manager, Internal Audit, Controlling Officer, Top Management, Middle Management...
• Definition of the requirements and of the need to monitor particular systems
• Definition of a system owner responsible for the controls of each system
• Definition of privileges in relation to the use of each system
• Drawing up the tender requirements
• Large differences between log management products
• Evaluation of the bids received
• Selection of the product that meets all the requirements
Preparation, risk analysis, product selection
Why IBM Tivoli Security Information and Event Management?
• It met our requirements
• A team of expert consultants
• References in banking systems
• Implementation and support
• Post-production support
• Compliance reports
• Forensics
• Online interaction
• Other products on the market
TSIEM (Tivoli Security Information and Event Management)
Structure of normalized logs: the W7 methodology (every event is normalized into Who, What, When, Where, Where from, Where to and On what)
TSIEM
TCIM – Tivoli Compliance Insight Manager
• TCIM – Tivoli Compliance Insight Manager – Windows Server with DB2
• Stores the signed raw logs in a depot
• Normalization process and storage in DB2
• GEM (Generic Event Module) for related log databases
• Works with agents that are installed on the servers
• Collectors
• Supported products – Microsoft products, Check Point, Cisco ...
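The signed raw-log depot is the point at which the audit trail becomes evidence: the normalized DB2 data can always be re-derived, but the raw chunks must be provably unaltered. The following Python is an added illustration of that property and is not TCIM code, nor TCIM's actual signing scheme: it keeps an append-only depot whose chunks are chained with HMAC-SHA256, so that editing, deleting or reordering an archived chunk fails verification. The record layout, the demo key and the sample log lines are constructed for this example.

```python
"""Tamper-evident raw-log depot (added example, not TCIM code).

Each stored chunk carries an HMAC tag over its content, its sequence number
and the previous chunk's tag. Altering, removing or reordering any chunk
therefore breaks the chain at that point. Key handling, chunking and the
record format are assumptions made for the illustration.
"""
import hashlib
import hmac
import json

# Constructed sample raw log lines (not from a real system).
SAMPLE_CHUNKS = [
    "2010-05-03T08:01:12 host=srv01 user=jdoe action=logon result=success",
    "2010-05-03T08:02:47 host=srv01 user=jdoe action=read object=/data/contracts.xls",
    "2010-05-03T08:05:09 host=srv01 user=admin action=delete object=/data/contracts.xls",
]

GENESIS = "0" * 64  # tag assumed for "the chunk before the first one"


class LogDepot:
    """Append-only archive of raw log chunks protected by an HMAC hash chain."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []  # each: {"seq", "data", "prev", "tag"}

    def _tag(self, seq: int, data: str, prev: str) -> str:
        # Canonical JSON so the tag is independent of field order.
        msg = json.dumps({"seq": seq, "data": data, "prev": prev},
                         sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def append(self, data: str) -> dict:
        prev = self.entries[-1]["tag"] if self.entries else GENESIS
        seq = len(self.entries)
        entry = {"seq": seq, "data": data, "prev": prev,
                 "tag": self._tag(seq, data, prev)}
        self.entries.append(entry)
        return entry

    def verify(self) -> list:
        """Return the positions of chunks that fail verification ([] if intact)."""
        bad = []
        prev = GENESIS
        for i, e in enumerate(self.entries):
            expected = self._tag(i, e["data"], prev)
            if (e["seq"] != i or e["prev"] != prev
                    or not hmac.compare_digest(expected, e["tag"])):
                bad.append(i)
            prev = e["tag"]  # continue from the stored tag to localize damage
        return bad


def build_depot(key: bytes = b"demo-depot-key") -> LogDepot:
    """Archive the constructed sample chunks under a demo key (assumption)."""
    depot = LogDepot(key)
    for line in SAMPLE_CHUNKS:
        depot.append(line)
    return depot


def demo() -> dict:
    """Show the three outcomes: intact chain, edited chunk, removed chunk."""
    depot = build_depot()
    clean = depot.verify()

    # An administrator rewrites the delete event to look like a read.
    depot.entries[2]["data"] = depot.entries[2]["data"].replace("delete", "read")
    modified = depot.verify()

    # Fresh depot, then the middle chunk is removed outright.
    depot = build_depot()
    del depot.entries[1]
    removed = depot.verify()

    return {"clean": clean, "modified": modified, "removed": removed}


if __name__ == "__main__":
    print(demo())  # {'clean': [], 'modified': [2], 'removed': [1]}
```

The key here is a shared secret, so whoever holds it can re-sign a tampered chain; the verifier's key (or an asymmetric signing key) must therefore be kept off the hosts being collected from, and the depot itself should sit on storage that the monitored administrators cannot write to.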
TSIEM
TCIM
• Different event sources (one device can have several event sources)
• User information source (AD)
• Related event sources from different devices go into the same database
• Routers and switches – events via a syslog server
• A policy for each database (at the database level)
• Self-audit of the TSIEM database
TSIEM screenshots: Event Source View, Dashboard, Reports
Defining processes, privileges and responsibilities
OO + NT = EOO (Old Organization + New Technology = Expensive Old Organization)
Business process reengineering
Defining processes, privileges and responsibilities
Business Model for IS
Organization Design / Strategy
• Organization is a network of people interacting with each other - contains
interactions between people & elements (it drives culture, governance &
architecture). IS as a component needs to map to the whole organization
• Strategy specifies the goals & objectives to be achieved as well as the
values & missions to be pursued. (business formula for success, setting
the basic direction).
• Design relates to the formal organization structure
Process
• Includes formal & informal mechanisms to get things done
• Provides vital link to all of the dynamic interconnections
• Process is designed to identify, measure, manage, & control risk,
availability, integrity & confidentiality, & to ensure accountability
• Can be COBIT; ITIL; ISO27002 or a combination
Technology
• Organizational Infrastructure
• Tools that make processes more efficient.
• Used to meet organization’s mission
• The ‘glue’ for IS issues
People
• Represents the human resources & IS issues that surround them
• Collective of human actors inc. values & behaviors
• All whose efforts must be coordinated to accomplish the organization’s
goals
• Not just units of “one” since each individual comes with all their
experiences, values, etc
• Need to harness ‘human intelligence’
Defining processes, privileges and responsibilities
• List of servers, products and devices for logging
• Employees responsible for individual systems (system owners) and their privileges
• Responsibilities for daily or periodic tasks on the log management system
• Compliance with internal policies and procedures
• Business Continuity & Disaster Recovery
• Defining the initial policies and groups
• Division into groups: users, administrators, related servers, related activities...
• Correlations between particular systems
• Policy Rules – raise an alert on a "policy exception"
• Special Attention Rules – raise an alert when a defined activity occurs
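Policy Rules and Special Attention Rules only make sense on top of the W7-normalized, grouped event, which the slides show only as screenshots. The following Python is an added example, not TCIM or TSIEM code. It normalizes two constructed event-source formats (a Windows-style audit record and a syslog-style router line) into W7 records, maps the raw Who/What/Where/On what values onto groups, treats any (who group, what group, where group) combination that is absent from the policy as a policy exception, and runs Special Attention Rules that fire on a defined activity whether or not policy permits it. The log formats, group names, policy table, rule predicates, the "10." corporate address assumption and the syslog year are all assumptions made for the illustration.

```python
"""W7 normalization, grouping and policy rules (added example, not TCIM code)."""
import re
from datetime import datetime

# Constructed sample raw events (not from a real system): two Windows-style
# audit records and two syslog-style router records.
RAW_EVENTS = [
    "WIN 2010-05-03 09:12:01 srv-core01 EventID=4624 User=BANK\\jdoe Src=10.1.5.23 Logon",
    "WIN 2010-05-03 09:14:37 srv-core01 EventID=4660 User=BANK\\jdoe Src=10.1.5.23 "
    "Object=D:\\cb\\ledger.mdb Delete",
    "SYSLOG May  3 09:20:14 rtr-edge01 CONFIG: user admin changed config from 10.1.9.7",
    "SYSLOG May  3 09:25:50 rtr-edge01 LOGIN: user tmp_vendor logged in from 203.0.113.9",
]

WIN_RE = re.compile(r"WIN (\S+ \S+) (\S+) EventID=\d+ User=(\S+) Src=(\S+)"
                    r"(?: Object=(\S+))? (\w+)$")
SYSLOG_RE = re.compile(r"SYSLOG (\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\w+): "
                       r"user (\S+) .* from (\S+)$")
SYSLOG_YEAR = 2010  # syslog lines carry no year; assumed for the sample


def normalize(lines):
    """Map raw lines from two event-source types onto one W7 record shape."""
    events = []
    for seq, line in enumerate(lines):
        m = WIN_RE.match(line)
        if m:
            ts, host, user, src, obj, action = m.groups()
            ev = {"who": user, "what": action,
                  "when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                  "where": host, "wherefrom": src, "whereto": host,
                  "onwhat": obj or "-"}
        else:
            m = SYSLOG_RE.match(line)
            if not m:
                raise ValueError(f"unsupported event source: {line!r}")
            ts, host, tag, user, src = m.groups()
            ev = {"who": user,
                  "what": "ConfigChange" if tag == "CONFIG" else "Login",
                  "when": datetime.strptime(f"{SYSLOG_YEAR} " + re.sub(r"\s+", " ", ts),
                                            "%Y %b %d %H:%M:%S"),
                  "where": host, "wherefrom": src, "whereto": host,
                  "onwhat": "running-config" if tag == "CONFIG" else "-"}
        ev["seq"] = seq
        events.append(ev)
    return events


# Grouping: raw W7 values are mapped to groups, and policy is written on groups.
WHO_GROUPS = {"BANK\\jdoe": "Tellers", "admin": "Network admins", "tmp_vendor": "External"}
WHAT_GROUPS = {"Logon": "Authentication", "Login": "Authentication",
               "Delete": "Destructive", "ConfigChange": "Configuration"}
WHERE_GROUPS = {"srv-core01": "Core banking servers", "rtr-edge01": "Edge routers"}
ONWHAT_GROUPS = {"D:\\cb\\ledger.mdb": "Core banking data", "running-config": "Network config"}

# Policy Rules: the permitted (who group, what group, where group) combinations.
POLICY = {
    ("Tellers", "Authentication", "Core banking servers"),
    ("Network admins", "Authentication", "Edge routers"),
    ("Network admins", "Configuration", "Edge routers"),
}

# Special Attention Rules: alert whenever the defined activity occurs,
# regardless of what the policy permits. "10." as the corporate range is an assumption.
SPECIAL_ATTENTION = [
    ("Destructive action on core banking data",
     lambda ev, g: g["what"] == "Destructive" and g["onwhat"] == "Core banking data"),
    ("Logon from outside the corporate network",
     lambda ev, g: g["what"] == "Authentication" and not ev["wherefrom"].startswith("10.")),
]


def grouped(ev):
    """Group view of one event; anything not yet classified lands in 'Ungrouped'."""
    return {"who": WHO_GROUPS.get(ev["who"], "Ungrouped"),
            "what": WHAT_GROUPS.get(ev["what"], "Ungrouped"),
            "where": WHERE_GROUPS.get(ev["where"], "Ungrouped"),
            "onwhat": ONWHAT_GROUPS.get(ev["onwhat"], "Ungrouped")}


def run_policy(lines):
    """Return policy exceptions and special-attention hits for the raw lines."""
    exceptions, attention = [], []
    for ev in normalize(lines):
        g = grouped(ev)
        if (g["who"], g["what"], g["where"]) not in POLICY:
            exceptions.append({"seq": ev["seq"], **g})
        for name, rule in SPECIAL_ATTENTION:
            if rule(ev, g):
                attention.append((ev["seq"], name))
    return {"policy_exceptions": exceptions, "special_attention": attention}


if __name__ == "__main__":
    for k, v in run_policy(RAW_EVENTS).items():
        print(k, v)
```

Writing policy on groups rather than on individual accounts or hosts is what keeps the rule set manageable in a heterogeneous bank estate: a new teller or a new core server needs only a group assignment, not new rules, and the "Ungrouped" fallback guarantees that anything nobody has classified yet shows up as an exception instead of being silently allowed.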
Defining processes, privileges and responsibilities
Grouping in TCIM
What to cover, what results to expect, alerting
• Which systems are of interest to us
  – DB
  – applications
  – OS
  – devices
  – desktop
• Which events from those systems
  – typical
  – atypical
• How to react to particular events
• Which incidents need an alert
• What results to expect from Tivoli
• Without defining the needs beforehand, we cannot expect the desired output
Implementation, testing and consolidation
• Implementation in cooperation with the vendors, based on our requirements
• Best practice
• Defining all policies
• Installing agents on the systems
• Producing technical documentation
• Producing user documentation
• Testing the system: are the desired results and alerts obtained?
Operation, development and improvement of the system, reporting
• A dedicated full-time job position
• System maintenance, regular backups, system availability
• Developing and extending policies according to the needs of the reporting side
• Learning from mistakes in the definition of groups, policies and alerting
• Forensic analyses
• Implementing new requirements
• Defining reports
• Compliance reports
• Custom reports
• Ad hoc reports
How do we solve security and regulation?!?!
Trust
(Pray)
Open source
(Is it really free of charge?)
Commercial
(OK, How many zeroes?)
Outsource
(“I’m Winston Wolf, I solve problems.”)
Summary: Are we sure that we are now SECURE?
• Did Tivoli solve our problems?
• Or did it generate new ones?
• Through the Tivoli implementation we learned that the basis of security is a detailed analysis of business processes (organization, employees and technology)
• With the Tivoli implementation we improved and structured the entire business operation.
Q & A
Thank you