Upload File

getting the board’s buy-in through soc metrics...implementation, and building and managing...

  • Home
  • Documents
  • Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,
14
Copyright MKA Cyber © 2017. All rights reserved. Getting the Board’s Buy-In Through SOC Metrics Mischel Kwon, CEO MKACyber

Upload: others

Post on 21-May-2020

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

Copyright MKA Cyber © 2017. All rights reserved.

Getting the Board’s Buy-In Through SOC Metrics Mischel Kwon, CEO

MKACyber

Page 2: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

2

Not your average Data Center IT anymore…

Page 3: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

3

Current Cyber Threats

Page 4: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

4

Current Cyber Attacks

Page 5: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

5

Change in Use – Change in Risk

• Digital Revenue

• Societal Use

- Social Media

- New Outlets

- Elections

• Operational II

- Medical Devices

- Transportation

- Communication

• Cloud and Outsourced Application

• Mobile Devices and BYOD

• Supply Chain

- Chips

• Communications

• Data Storage and Processing

• In House Applications

• Desktops

• Data Centers

Page 6: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

6

What Makes you Vulnerable – Why?

• Lack of Threat Understanding

• Lack of Visibility

• Lack of Patching

• Weak Security Controls

• Antiquated Technology

• Unclear Cloud Role

• Un-managed Outsourced Applications

• Poor Code

• Supply Chain

• Staffing

• Methodology

• Technology

• Tooling

• Relationships

• Contracts

How Do We Fix This?

Page 7: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

7

Embracing the “C” level

Page 8: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

8

Business Hierarchy, Priorities, Communication

BOARD OF DIRECTORS

BUSINESS UNIT

CIO / CISO

TECHNICAL MANAGEMENT

CEO

Page 9: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

9

Business Unit Leader’s Priorities

RISK MANAGEMENT

PROFITABILITY ANALYSIS

FORECASTING

BUSINESS INTELLIGENCE

PERFORMANCE MANAGEMENT

BUSINESS UNIT

BUDGETING

STRATEGIC PLANNING

Page 10: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

10 10

• Metrics are NO longer time to deliver, SLA-based

• Metrics should be a contribution to the P&L

• Metrics should always tie back to the balance sheet

• Statistics capture the

current status of what

you are measuring

• Metrics tell the story of

how well what you are

measuring is performing

STATISTICS

METRICS

Statistics vs. Metrics

Page 11: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

11

Being a Participating Member of the Business Leadership Team

Be a

Business

Unit Leader

Show cost efficiency

Solution delivery remediation

High performing, transparent team

Just right – organized data, tooling, staff – just in time

Business

goal

Page 12: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

12

Organize, Automate, Report, Improve, Protect

Page 13: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

13

Mischel Kwon

CEO, MKACyber

Over 35 years of experience

in application development,

network architecture and

implementation, and building

and managing Security

Operations Centers (SOC).

Former, Head of US-

CERT

Former, Chief IT

Security Technologist,

Department of Justice

Founder, Cybersecurity

Diversity Foundation

Page 14: Getting the Board’s Buy-In Through SOC Metrics...implementation, and building and managing Security Operations Centers (SOC). Former, Head of US-CERT Former, Chief IT Security Technologist,

Building and Managing Effective SOC (Security Operation Center)¼sal... · 2019. 6. 13. · ABOUT ME Former Head of Information Security unit at Azerconnect LLC Former Manager of

SoC Security Verification

SOC and Enterprise Security. Аспекты внедрения. Декабрь 2012

Building a Security Operations Center (SOC)

SECURITY OPERATIONS CENTER (SOC) ASSESSMENT

SoC FPGA Hardware Security Requirements and Roadmap · 2 Agenda •Security Threat Models for FPGA/SoC FPGA End Markets •Taxonomy of Security Threats •Threat Use Cases •Overall

Guide to Operating a Security Operations Center (SOC)

ARK: Architecture for Security Resiliency in SoC Designs

2.про soc от solar security

Proactive Security Event Monitoring System - SOC

Future SOC - Security Operations in 2020

SECURIT Y - UnderDefense · Tools (managing security of infrastructure, SIEM) 2 3 1 SOC UnderDefense SOC is a 24x7x365 Cyber Security Defense through managing security of all your

SoC physical security evaluation

Former Husband Alerts Homeland Security

Anonymous 20*20. Director of Security Intelligence for Akamai Technologies Former Research Director, Enterprise Security [The 451 Group] Former Principal

SOC - Security Operations Centre Framework Project...SOC - Security Operations Centre Framework Project Agenda •Modals & Strategies of SOCs •Processes •People & Skills Modals

Managed Security Operations Centre (SOC)

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE€¦ · AWS SOC 1 Report, AWS SOC 2: Security & Availability Report, AWS SOC 2: Confidentiality Report, and AWS SOC 3: Security &

SmartFusion2 SoC FPGA Data Security Devices Product Brief

Opinion Paper Prescriptive Security Operations Centers (SOC)

Cyber Security Analyst (SOC), Incident Responder & IT

Managing Security and External Service Providers using SOC …felaban.s3-website-us-west-2.amazonaws.com/memorias/archivo... · Operational controls SOC 1 SOC 2 SOC 3 Detailed report

Next Generation Security Operations Center – SOC 2.0

Automation to Make Security Operations Effective ......Security Operations/セキュリティ運用あれこれ SOC Persona –The Proactive SOC(プロアクティブなSOC) Challenges

SoC Security 6

SoC Security: Architecture, IP, or CAD?

An introduction to SOC (Security Operation Center)

Security Efforts for SEER*DMS · • SOC 1 – financial reporting controls • SOC 2 – data security • SOC 3 – simplified SOC 2 requiring less formalized documentation •

Introduction to Security Operations and the SOC

Security Operations Center (SOC)

SOC and ICS/SCADA Security

Future SOC: SANS 2017 Security Operations Center Surveypages.endgame.com/rs/627-YBU-612/images/SOC Survey 2017.pdf · Future SOC: SANS 2017 Security Operations Center Survey.

SoC Security Properties and Rules

Security Operations Center (SOC) Essentials for the SME

CERTIFIED SOC ANALYST (CSA) - InfoSec Cyber Security ... · The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). ... and perform