CYBERSECURITY
Dr. Vilius Benetis, ISACA Lithuania Chapter, NRD CS
18 October 2016
TODAY'S SPEAKER
AGENDA
Tip #0: please enable strong authentication on your personal accounts:
Google, Facebook, Evernote, Office 365, Dropbox, ...
Read more: https://twofactorauth.org/
Tip #1 on Clarification on Cybersecurity Domain
Tip #2 on Auditing Process and Cybersecurity
Tip #3 on CIS Critical Security Controls
Tip #4 on Auditing Cybersecurity Skills
2016 ISACA. All Rights Reserved
#1 ON CLARIFICATION ON CYBERSECURITY DOMAIN
4
2016 ISACA. All Rights Reserved
GOOGLE IT: CYBERSECURITY DEFINITION
Where do we start? Let's ground the terms.
ISO 27032:
Automation of business functions
Ex. Assess org./IS resilience to cyber threats
CSC 1: INVENTORY OF AUTHORIZED AND UNAUTHORIZED DEVICES
1.1 Deploy an automated asset inventory discovery tool and use it to build a preliminary inventory of systems connected to an organization's public and private network(s). Both active tools that scan through IPv4 or IPv6 network address ranges and passive tools that identify hosts based on analyzing their traffic should be employed.
1.2 If the organization is dynamically assigning addresses using DHCP, then deploy dynamic host configuration protocol (DHCP) server logging, and use this information to improve the asset inventory and help detect unknown systems.
1.3 Ensure that all equipment acquisitions automatically update the inventory system as new, approved devices are connected to the network.
1.4 Maintain an asset inventory of all systems connected to the network and the network devices themselves, recording at least the network addresses, machine name(s), purpose of each system, an asset owner responsible for each device, and the department associated with each device. The inventory should include every system that has an Internet Protocol (IP) address on the network, including but not limited to desktops, laptops, servers, network equipment (routers, switches, firewalls, etc.), printers, storage area networks, Voice over IP telephones, multi-homed addresses, virtual addresses, etc. The asset inventory created must also include data on whether the device is a portable and/or personal device. Devices such as mobile phones, tablets, laptops, and other portable electronic devices that store or process data must be identified, regardless of whether they are attached to the organization's network.
1.5 Deploy network level authentication via 802.1x to limit and control which devices can be connected to the network. The 802.1x must be tied into the inventory data to determine authorized versus unauthorized systems.
CSC 1: INVENTORY OF AUTHORIZED AND UNAUTHORIZED DEVICES

ID    Metric    Lower Risk Threshold    Moderate Risk Threshold    Higher Risk Threshold
1.1                                     1%-4%                      5%-10%
1.2                                     1,440 Minutes (1 Day)      10,080 Minutes (1 Week)
1.3                                     1%-4%                      5%-10%
1.5                                     1,440 Minutes (1 Day)      10,080 Minutes (1 Week)
1.6                                     1,440 Minutes (1 Day)      10,080 Minutes (1 Week)
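As an added example (not from the slides or from the CIS controls themselves), the Python below applies sub-controls 1.2 and 1.4 together with the thresholds in the table above: it parses constructed ISC dhcpd-style DHCPACK log lines, flags leases whose MAC address is missing from a constructed inventory, and places the unknown-device share and the time-to-detect against the 1%-4% / 5%-10% and 1,440 / 10,080 minute thresholds. The log format, the inventory fields and the way the bands are read off the thresholds are my assumptions.

```python
import re
from datetime import datetime

# Constructed ISC dhcpd-style DHCPACK lines (sample data, not from the slides).
DHCP_LOG = """\
Oct 18 09:01:12 dhcp1 dhcpd: DHCPACK on 10.0.1.21 to 00:11:22:33:44:01 (fin-laptop-07) via eth0
Oct 18 09:03:40 dhcp1 dhcpd: DHCPACK on 10.0.1.22 to 00:11:22:33:44:02 (hr-desktop-03) via eth0
Oct 18 09:07:05 dhcp1 dhcpd: DHCPACK on 10.0.1.23 to 00:11:22:33:44:03 via eth0
Oct 18 09:09:58 dhcp1 dhcpd: DHCPACK on 10.0.1.24 to 00:11:22:33:44:04 (printer-2f) via eth0
Oct 18 09:15:30 dhcp1 dhcpd: DHCPACK on 10.0.1.21 to 00:11:22:33:44:01 (fin-laptop-07) via eth0
"""

# Constructed inventory keyed by MAC, carrying the CSC 1.4 attributes
# (machine name, purpose, asset owner, department, portable device?).
INVENTORY = {
    "00:11:22:33:44:01": ("fin-laptop-07", "workstation", "j.doe", "Finance", True),
    "00:11:22:33:44:02": ("hr-desktop-03", "workstation", "a.roe", "HR", False),
    "00:11:22:33:44:04": ("printer-2f", "printer", "facilities", "Facilities", False),
}

# Syslog timestamp, server name, then the leased IP and the client MAC.
ACK_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dhcpd: DHCPACK on (\S+) to ([0-9a-fA-F:]{17})")

def unknown_devices(log, inventory, year=2016):
    """Return {mac: (ip, first_seen)} for leased devices absent from the inventory (CSC 1.2)."""
    unknown = {}
    for line in log.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue
        first_seen = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip, mac = m.group(2), m.group(3).lower()
        if mac not in inventory:
            unknown.setdefault(mac, (ip, first_seen))  # keep the earliest lease per MAC
    return unknown

def unknown_share_percent(log, inventory):
    """Share of distinct MACs in the log that are not inventoried, in percent."""
    seen = {m.group(3).lower() for m in map(ACK_RE.match, log.splitlines()) if m}
    return 100.0 * len(seen - set(inventory)) / len(seen) if seen else 0.0

def share_band(pct):
    """Place a percentage against the 1%-4% (moderate) and 5%-10% (higher) thresholds; band edges are my reading."""
    if pct < 1:
        return "below moderate threshold"
    return "moderate risk (1%-4%)" if pct <= 4 else "higher risk (5%-10%)" if pct <= 10 else "above higher threshold"

def delay_band(first_seen, detected_at):
    """Compare time-to-detect with the 1,440 minute (1 day) and 10,080 minute (1 week) thresholds."""
    minutes = (detected_at - first_seen).total_seconds() / 60
    return minutes, "within 1 day" if minutes <= 1440 else "within 1 week" if minutes <= 10080 else "over 1 week"
```

Feeding the sample log through `unknown_devices` flags the one lease with no inventory entry; the share and delay functions then say which threshold column that finding falls under.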
#4 ON AUDITING CYBERSECURITY SKILLS
Should we include skills audit?
1) Risk: Lack of skilled people
2) Skills required to assess
Methodologies (NICE, CSC, eCF, SFIA)
Automation of business functions
Ex. Assess org/IS resilience to cyber threats
SUMMARY
Tip #1 on Clarification on Cybersecurity Domain
Tip #2 on Auditing Process and Cybersecurity
Tip #3 on CIS Critical Security Controls
Tip #4 on Auditing Cybersecurity Skills
& Tip #0: please enable strong authentication on personal accounts
RELEVANT RESOURCES:
1. SFIA: https://www.sfia-online.org
2. NIST NICE: http://csrc.nist.gov/nice/
3. CIS CSC: https://www.cisecurity.org/critical-controls/
4. ISO 27032: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=44375
5. http://www.isaca.org/KnowledgeCenter/Research/ResearchDeliverables/Pages/InformationSystems-Auditing-Tools-and-Techniques-Creating-AuditPrograms.aspx
Questions?
THIS TRAINING CONTENT (CONTENT) IS PROVIDED TO YOU WITHOUT WARRANTY, AS IS AND WITH ALL
FAULTS. ISACA MAKES NO REPRESENTATIONS OR WARRANTIES EXPRESS OR IMPLIED, INCLUDING
THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR PERFORMANCE, AND NONINFRINGEMENT, ALL OF WHICH ARE HEREBY EXPRESSLY DISCLAIMED.
YOU ASSUME THE ENTIRE RISK FOR USE OF THE CONTENT AND ACKNOWLEDGE THAT: ISACA HAS
DESIGNED THE CONTENT PRIMARILY AS AN EDUCATIONAL RESOURCE FOR IT PROFESSIONALS AND
THEREFORE THE CONTENT SHOULD NOT BE DEEMED EITHER TO SET FORTH ALL APPROPRIATE
PROCEDURES, TESTS, OR CONTROLS OR TO SUGGEST THAT OTHER PROCEDURES, TESTS, OR
CONTROLS THAT ARE NOT INCLUDED MAY NOT BE APPROPRIATE; ISACA DOES NOT CLAIM THAT USE OF
THE CONTENT WILL ASSURE A SUCCESSFUL OUTCOME AND YOU ARE RESPONSIBLE FOR APPLYING
PROFESSIONAL JUDGMENT TO THE SPECIFIC CIRCUMSTANCES PRESENTED TO DETERMINING THE
APPROPRIATE PROCEDURES, TESTS, OR CONTROLS.
Copyright 2016 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This
webinar may not be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or
transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise).
THANK YOU FOR ATTENDING THIS WEBINAR