Are You Well Positioned? Using Threat Information to Build Your Cyber Risk Intelligence Program
Page 1: Using Threat Information to Build Your Cyber Risk Intelligence Program

Are You Well Positioned? Using Threat Information to Build Your Cyber Risk Intelligence Program

Page 2

Setting the Stage

• The CISO mission: show how ongoing operational costs and investments support business activities

• CISOs need to think more about the Boardroom and not the Server Room

• Protecting everything equally leads to trouble as NOT ALL RISKS ARE CREATED EQUAL

• Regulators, insurers & risk committees expect due diligence and due care in mitigating threats that create risk

Page 3

“We believed we were doing things ahead of the industry. We thought we were well-positioned.”

- Frank Blake, Chairman of Home Depot

Page 4

How Did Audit Play?

• Home Depot said they assembled an ‘incident response team’ and went through a 5-hour audit committee review
 – Audit was relied on to understand status at the time of the attack
 – Measuring cyber risk was not a recurring effort from an operations resilience view
 – Was it treated as …
  • an internal control?
  • a benchmark review?
  • a check box?

“Assessments of the nature of the threat weren’t sufficient.”

- Frank Blake

Page 5

How Audit Should Play

• Audit should measure your proficiency against a particular benchmark:
 – Business Resilience?
 – Risk Intelligence?
 – Defining Well Positioned?
 – Assessing Digital Harm? (How a business unit’s goals could be impacted by a cyber event)

Page 6

My Favorite Definition of Risk Intelligence

“The organizational ability to think holistically about risk and uncertainty, speak a common risk language, and effectively use forward-looking risk concepts and tools in making better decisions, alleviating threats, capitalizing on opportunities, and creating lasting value.”

- Leo Tilman

Page 7

The Fabric of Cyber

• Cyber is tied to the fabric of everything necessary to run a business, connecting/enabling your:
 – Supply chain
 – Customer base
 – Business support applications
 – Financials
 – IT Infrastructure
 – Marketing and Sales
 – Communications

Page 8

Our Approach to Cyber is Not Working

Too many organizations rely on tools alone to solve their problems

Tools – Tools have outputs

Programs – Programs have outcomes

Page 9

The Question

“Are we well-positioned for cyber risk in our organization and how do we compare to our competitors?”

Page 10

What Kind of Program Do You Want to Create?

IT Security Program?

Cyber Security Program?

Risk Management Program?

I would propose it is none of those terms, rather a Cyber Risk Intelligence Program…

Page 11

But Why a Cyber Risk Intelligence Program?

• Cyber risk intelligence overlays and aligns data of who you are as a company on top of cyber threat data and is used to focus on making decisions and taking the right action.
 – How are you positioned?
 – How do you compare to others in your industry?
 – What people, process and technology are needed in order to reduce your risk exposure throughout all levels of the organization?

Page 12

Create a Mission Statement

“Be well-positioned for cyber risk in our organization”

Page 13

You Can Likely Start Now

Your organization already likely collects intelligence on:

• Sales

• Marketing

• Customers

• Financials

• Logistics

• Competitors

Yet “cyber” continues to have little visibility!

Page 14

Stop Talking Techno-Dork

Cyber risk intelligence IS NOT:

• About what new threat signatures you can pump into your SIEM

• Only about what your SOC Analysts can see

• Just an Information Technology problem

Cyber risk intelligence IS:

• Understanding cyber risk intelligence as it relates to your business and supply chain

• Understanding what you are getting out of your cyber spend and if you are well positioned

• A brand and reputation problem, a resilience problem, a financial problem

Page 15

Don’t be an Actionable Actionating Actionator

You are an Actionable Actionating Actionator if:

• You perform actionable actioning on threat intelligence actions

• You’re not able to influence the decisions of the decision makers

• You seem to be really busy assessing information, i.e. whack-a-mole

Page 16

How is Your Intelligence Used?

Intelligence needs to focus your organization on Making Decisions and Taking Action

Page 17

Best Practices

1. Align tactical and strategic cyber intelligence resources as well as high and low level data sets
 - You need a 360 degree view
 - Create a capability for total situational awareness – Tactical, Strategic, Internal and External

2. Shape resource allocation around measurable and observed threats
 - Apply the proper resources to the proper threat

Page 18

Best Practices… Continued

3. Map cyber risk to your organization’s Key Business Areas
 - How does the threat program affect the decisions of the business unit?
 - Is the organization “Well Positioned” against observed threats?

4. Mind the gap – Cyber Risk Intelligence is a program and not a tool
 - Tools have outputs, programs have outcomes

Page 19

Measuring Cyber Risk Intel

• Start Simple
 – Good business managers run things on a foundation of the evaluated intelligence – it’s the thing you know.

• Make Risks Learnable
 – Learnable risks are the ones we could make less uncertain if we took the time and resources to learn more about them.
 – Random risks are defined as those that had no analysis.
 – Separating learnable risks from random ones in business decisions for causes or drivers can make them less uncertain.
 – Tie learnable risks to anything that makes you “you”.

Page 20

Use Cyber Risk Intelligence to Drive Better Security Decisions

Page 21

Page 22

Thank You!

www.surfwatchlabs.com