managing risk in a digital world - data connectors · 2019-06-21 · security information &...
TRANSCRIPT
MANAGING RISK IN A DIGITAL WORLD
BEN SMITH, CISSP CRISC CIPT, RSA FIELD CTO (US) & DELL SECURITY AMBASSADOR, @BEN_SMITH
Ron Rivest, Adi Shamir, Leonard Adleman
NOT ALL OF THESE LEGACY SOLUTIONS ARE CURRENTLY AVAILABLE FOR SALE
37 YEARS OF INDUSTRY LEADERSHIP (timeline, 1982 to 2019)
Public-key cryptography
Encrypted email
Digital signatures
Digital certificates
Multifactor authentication
Certificate authority
Intrusion detection
Smart card
Biometrics
Identity federation
Web-based single sign-on
Token-less authentication
Transaction-level authorization
Site-to-user authentication
Security information & event management
Transaction monitoring
Key management
Database encryption
File encryption
Knowledge-based authentication
Data loss prevention
Governance, risk and compliance
Deep packet inspection
Behavior-based web fraud detection
Endpoint malware detection
Incident response
Identity lifecycle management
Identity & access management
Security orchestration & automation
User and entity behavioral analytics
DIGITAL TRANSFORMATION
DIGITAL TRANSFORMATION CHALLENGES CONTINUE TO GROW
MODERNIZATION: Organizations are taking their business online; cloud and mobile change the game (devices, apps, users).
MALICE: Increasingly sophisticated and more frequent (malware, phishing, breach).
MANDATES: Transitioning from simple guidance to rigid security with a modern, global infrastructure (DFARS, PCI, GDPR).
SPEED OF CHANGE, SPEED OF IMPACT
COMPLEXITY OF BUSINESS, COMPLEXITY OF THREATS
AMPLIFICATION OF OPPORTUNITY, AMPLIFICATION OF RISK
[Chart: RISK (LOW / MEDIUM / HIGH) plotted against DIGITAL ADOPTION, contrasting TRADITIONAL BUSINESS RISK with DIGITAL RISK]
DIGITAL RISK is the greatest facet of risk that businesses face… that requires a NEW PERSPECTIVE.
[Diagram: CEO / BOARD (? ? ?) above RISK MANAGEMENT and IT SECURITY, facing MALICE, MANDATES and MODERNIZATION; goals: ENABLE INNOVATION & AGILITY, ENSURE RESILIENCY, BUILD TRUST, DEFEND the ECOSYSTEM]
[Diagram: CEO / BOARD (? ? ?), RISK MANAGEMENT and IT SECURITY connected through DIGITAL RISK, built on VISIBILITY, INSIGHTS and ACTIONS]
These graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from RSA.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
PROTECT YOUR DIGITAL FUTURE
with a unified approach to advanced security operations & integrated risk management
RSA Archer Suite: Proven Integrated Risk Management
RSA NetWitness Platform: Evolved SIEM & Advanced Threat Defense
50M+ identities
SECURE USER ACCESS & PREVENT FRAUD
in today’s digitally connected, multi-cloud, omni-channel world
RSA Fraud & Risk Intelligence Suite: Omni-Channel Fraud Prevention
RSA SecurID Suite: Secure Access Transformed
CREATE A TAILORED PLAYBOOK
to assess, quantify and mature your Digital Risk program over time
RSA Risk Frameworks: Roadmaps & Strategy for Digital Risk Maturity
RSA Risk & Cybersecurity Practice: Expert Consulting Services
THE RSA RISK FRAMEWORKS: Building Maturity in Four Key Areas
[Matrix: four risk areas across (CYBER INCIDENT RISK, THIRD-PARTY RISK, DYNAMIC WORKFORCE RISK, MULTI-CLOUD TRANSFORMATION RISK), MATURITY increasing from bottom to top; rows reproduced here from most to least mature]

Most mature
Cyber Incident Risk: Ability to identify sophisticated attacks & breaches, lateral movement, initial impact and effectively respond with a cross functional response.
Third-Party Risk: Risk is considered from the perspective of loss events, opportunity costs and enhancing the likelihood of achieving objectives and executing strategy. Risk-taking decisions are proactive.
Dynamic Workforce Risk: Business context is completely infused into identity processes and functional technology use. Monitoring capabilities alert stakeholders to impactful data stewardship activities.
Multi-Cloud Transformation Risk: Integrated information governance into corporate infrastructure and business processes to such an extent that data remains secure and compliant within legal, regulatory, and business functions, partners and cloud infrastructure.

Second level
Cyber Incident Risk: Ability to identify commodity malware, some breaches, some lateral movement, basic initial impact and respond with a somewhat coordinated cross functional response.
Third-Party Risk: Management has the information needed to understand the complete context of risk. More informed decisions are made and accountability is established, but the decision process is still manual.
Dynamic Workforce Risk: System of record in place to manage the full lifecycle of compliance activities. Stakeholders collaboratively define processes and policies; remediation activities are consistently monitored and reported.
Multi-Cloud Transformation Risk: Established proactive information governance program with continuous improvement. Information governance issues and considerations routinely integrated into business decisions.

Third level
Cyber Incident Risk: Limited ability to identify commodity malware, some breaches, some lateral movement, basic initial impact and limited ability to respond.
Third-Party Risk: Agreement on risk management terminology, rating scales and assessment approach is established. Little business context is available and responsibility for each risk and control is not always clear.
Dynamic Workforce Risk: Operational standards and a comprehensive compliance catalog are developed. Some activity focused on improving effectiveness and stabilizing processes, with limited scope.
Multi-Cloud Transformation Risk: Developing recognition that information governance has an impact on the organization and benefits from a more defined program. Still vulnerable to scrutiny of legal or business requirements.

Least mature
Cyber Incident Risk: No ability to detect threats against the organization and no ability to respond when attacked.
Third-Party Risk: Baseline activities are in place to manage risk but are isolated and fragmented. Beginning to obtain visibility into assessed level of inherent and residual risk, but accountability is ad hoc.
Dynamic Workforce Risk: Organization understands broad compliance obligations but each area manages separately. Control performance is assessed ad hoc or as part of external audit.
Multi-Cloud Transformation Risk: Information governance and recordkeeping concerns are not addressed at all, minimally or ad hoc. Will not meet legal or regulatory scrutiny or effectively serve the business.
THE RSA RISK FRAMEWORKS: Cyber-Incident Risk Framework
[Matrix: five stages across, MATURITY increasing from bottom to top; rows reproduced here from most to least mature]
Stages: LEFT OF BREACH (PRE-BREACH) PREPAREDNESS; BREACH RISK REDUCTION (BREACH DEFLECTION); BREACH AND INITIAL INCIDENT RESPONSE; BREACH REMEDIATION; RIGHT OF BREACH (POST BREACH) ADAPTATION
Stage descriptors as laid out on the slide: Prepare for Breach to Reduce Risk of Breach and Breach Impact; Risk and Dwell Time Reduction Actions; Impact Analysis; Dwell Time; Remediate and Prevention; Lessons Learned and adapt to Reduce Risk; Adapt and optimize operational IT and Security Awareness
Incident lifecycle band: PREPARE, DETECT, ANALYZE, CONTAIN, ERADICATE, RECOVER, POST-INCIDENT HANDLING

Row 1 (most mature)
Preparedness: Operational effectiveness to execute on cross functional recurring tabletop exercises, tested IR Plan (red/blue), IR resource alignment, CIA Asset System Categorization and compliance/privacy alignment, base breach risk assessment.
Deflection: Operational effectiveness to continually test enterprise breach risk tolerance (enterprise wide and system specific) and ability to adapt to threats, process, IT and security operational issues to reduce risk and impact of a breach.
Response: Operational effectiveness to identify breaches and lateral movement, understand impact, and effectively respond with a cross functional response.
Remediation: Operational effectiveness to understand impact and impacted systems and effectively remediate breaches with automated assistance from technology.
Adaptation: Operationalize feedback loop to improve breach response (into Pre-Breach planning) and continually reduce risk based on operational feedback/inputs.

Row 2
Preparedness: Ability to execute on cross functional recurring testing of IR Plan via staged process exercises, IR resource alignment, CIA Asset System Categorization of critical assets and compliance alignment.
Deflection: Ability to periodically test enterprise breach risk tolerance (system specific) and adapt to threats, process, IT and security operational issues to reduce risk of a breach and optimize Incident Response (IR) to reduce breach impact.
Response: Ability to identify breaches and lateral movement, impact and effectively respond with a cross functional response.
Remediation: Ability to understand impact and impacted systems and remediate breaches with automated assistance from technology.
Adaptation: Operationalize feedback loop to improve breach response but limited project creation to continually reduce risk based on operational feedback/inputs.

Row 3
Preparedness: Good cybersecurity awareness and foundational preparation including IR Plan and identified IR resources to respond to breach.
Deflection: Ability to periodically test enterprise breach risk tolerance (system specific) but limited follow-through to adapt to threats, process, IT and security operational issues to reduce risk of a breach and optimize Incident Response (IR) to reduce impact.
Response: Ability to identify breaches, estimate impact, and ad hoc response from organization.
Remediation: Ability to understand which systems were impacted and ad hoc, manual remediation of breach.
Adaptation: Ad hoc feedback loop to improve breach response (into Pre-Breach planning).

Row 4
Preparedness: Foundational cybersecurity awareness and basic foundational preparation (understand what may need to be done) to respond to breach.
Deflection: Limited testing of enterprise breach risk tolerance (system specific) and limited follow-through to adapt to threats, process, IT and security operational issues to reduce risk of a breach and optimize Incident Response (IR) to reduce impact.
Response: Ability to identify breaches, estimate impact, and ad hoc response from organization.
Remediation: Ability to understand which systems were impacted and ad hoc, manual remediation of breach.
Adaptation: Ad hoc feedback loop to improve breach response (into Pre-Breach planning).

Row 5
Preparedness: Foundational cybersecurity awareness but poor preparation to respond to breach.
Deflection: Minimal, compliance-only testing of enterprise breach risk tolerance (system specific) and minimal follow-through to adapt to threats, process, IT and security operational issues.
Response: Minimal ability to identify breaches with no ability to measure impact. Ad hoc response capabilities.
Remediation: Minimal ability to understand which systems were impacted and ad hoc, manual and limited remediation of breach.
Adaptation: Minimal defined processes for feedback loop to improve breach response (into Pre-Breach planning).

Row 6
Preparedness: Minimal cybersecurity awareness and poor preparation to respond to breach.
Deflection: Minimal cybersecurity awareness, failure to perform basic breach risk management, and poor preparation to respond to breach.
Response: Minimal ability to identify breaches with no ability to measure impact. No response capabilities.
Remediation: No or minimal cybersecurity awareness and poor preparation to respond to breach.
Adaptation: No follow-up post breach to improve capabilities on pre-breach based on GAP and learnings from breach.

Row 7 (least mature)
Preparedness: No cybersecurity awareness and poor preparation to respond to breach.
Deflection: No cybersecurity awareness, failure to perform basic breach risk management, and poor preparation to respond to breach.
Response: No cybersecurity awareness and poor preparation to respond to breach.
Remediation: No cybersecurity awareness and poor preparation to respond to breach.
Adaptation: No follow-up post breach plans or capabilities to improve capabilities on pre-breach based on GAP and learnings from breach.
THE RSA RISK FRAMEWORKS: Cyber-Incident Risk Framework (same matrix, one cell highlighted per stage and scored below)
Preparedness: Minimal cybersecurity awareness and poor preparation to respond to breach.
Deflection: Limited testing of enterprise breach risk tolerance (system specific) and limited follow-through to adapt to threats, process, IT and security operational issues to reduce risk of a breach and optimize Incident Response (IR) to reduce impact.
Response: Minimal ability to identify breaches with no ability to measure impact. Ad hoc response capabilities.
Remediation: Operational effectiveness to understand impact and impacted systems and effectively remediate breaches with automated assistance from technology.
Adaptation: No follow-up post breach to improve capabilities on pre-breach based on GAP and learnings from breach.

MATURITY QUALIFICATION
Overall Score: 50.4 out of 100
Component scores: 19.1 out of 20; 8.5 out of 20; 5.7 out of 20; 11.4 out of 20; 5.7 out of 20
WHO is the user?
WHAT can they access?
IS what they are doing ok?
HOW do you take threats into account?
WHAT known fraud is this user or device associated with?
WHY should I care? Is there a risk to my business?