So, Microsoft has provided further innovation and thought leadership with the cloud, Big Data, & security.
Azure now offers a preview (i.e., beta) of Storage Service Encryption (SSE) for its Data Lake Store, complementing the add-on crypto services one may use with HDInsight (i.e., Hadoop), namely integration with DgSecure.
The jury is still out on the ease of use, as well as how robust these offerings are, but it seems Microsoft is ahead of the curve with cloud & Big Data security.
Will AWS catch up?
Monday, August 22, 2016
Monday, August 15, 2016
Loss Expectancy & InfoSec Metrics
So, when looking to make single / annual loss expectancy (SLE / ALE) as subjective as possible, it helps to have some metrics (i.e., KPIs / KRIs).
While vulnerability scanning / DAST / SAST / pen test findings can help, the best examples are from either honeypots or red team exercises, to include: social engineering, phishing, whaling, and / or compromised digital assets.
Such metrics will help with providing the (estimated) annual rate of occurrence (ARO) needed to determine the ALE, where SLE * ARO = ALE.
Finally, while subjective, annual net sales / days of expected outage always helps w/ determining the SLE for ERP / EMR / EHR / ICS / CRM / SFA systems.
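A worked version of the SLE * ARO = ALE calculation above, added here as an example and not part of the original post. It assumes SLE is daily net sales times expected outage days (one reading of "annual net sales / days of expected outage"); the findings, sales figures and system names are constructed.

```python
from collections import Counter
from datetime import date

# Constructed red-team / honeypot findings: (date, scenario, system hit).
# Only successful compromises are listed; all values are made up.
FINDINGS = [
    (date(2016, 1, 18), "phishing", "CRM"),
    (date(2016, 3, 2), "phishing", "ERP"),
    (date(2016, 4, 11), "honeypot-bruteforce", "ERP"),
    (date(2016, 6, 27), "whaling", "ERP"),
    (date(2016, 6, 30), "phishing", "CRM"),
]
WINDOW = (date(2016, 1, 1), date(2016, 6, 30))  # observation period

# Assumed business inputs: annual net sales attributed to each system and the
# expected outage, in days, if it is compromised once.
SYSTEMS = {
    "ERP": {"annual_net_sales": 36_500_000, "outage_days": 2.0},
    "CRM": {"annual_net_sales": 7_300_000, "outage_days": 0.5},
}

def aro_by_system(findings, window):
    """Annualize observed compromise counts over the observation window."""
    start, end = window
    years = ((end - start).days + 1) / 365.0
    counts = Counter(s for d, _, s in findings if start <= d <= end)
    return {system: n / years for system, n in counts.items()}

def sle(annual_net_sales, outage_days):
    """SLE as lost sales: daily net sales times expected outage days."""
    return annual_net_sales / 365.0 * outage_days

def ale_report(findings, window, systems):
    """Return [(system, SLE, ARO, ALE)] sorted by ALE, highest first."""
    aro = aro_by_system(findings, window)
    rows = []
    for name, biz in systems.items():
        s = sle(biz["annual_net_sales"], biz["outage_days"])
        a = aro.get(name, 0.0)
        rows.append((name, s, a, s * a))
    return sorted(rows, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for name, s, a, ale in ale_report(FINDINGS, WINDOW, SYSTEMS):
        print(f"{name}: SLE=${s:,.0f} ARO={a:.2f}/yr ALE=${ale:,.0f}")
```

A short observation window inflates or deflates the annualized ARO, so the window length should be reported next to the ALE.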
Monday, August 8, 2016
Securing Native Big Data Environments v3.0: Using Apache Ranger & Atlas for DevSecOps, IAM, InfoGov
Apache Ranger (http://ranger.apache.org/) and Atlas (http://atlas.incubator.apache.org/) offer some real thought leadership for securing native big data environments.
The question that remains is, will corporate IT teams embrace these new technologies?
I do see (cloud) providers (MS Azure, AWS) using these tools, as they need to for security compliance purposes. I also see on-premise (hyper-convergence) solution vendors (e.g., Hortonworks, Cloudera) leveraging this as well.
Thursday, August 4, 2016
Opening the DFIR Community
InfraGard & SEI's CERT have long proposed & advocated for information sharing w/in the DFIR space.
With that said, will COPS (http://www.infosecurity-magazine.com/news/cops-open-incident-response/) take this InfoSec specialty to the next level? Will such actions dilute the quality of DFIR SMEs' work &/or wages?
TBD...
Monday, August 1, 2016
KPIs, KRIs, & Just Plain Metrics
Here is an enumeration of measurements for your security program (aggregated from multiple sources):
Weighted Risk Trend (WRT)
Defect Remediation Window (DRW)
Rate of Defect Recurrence (RDR)
Specific Coverage Metric (SCM)
Security Defect to Quality Ratio (SDQR)
Equal Error Rate (False Positives / Negatives / Tool)
Shared Services Satisfaction Score
Platform Compliance Scores
Email Traffic Analysis
% System Availability
% Security Assessment Coverage
% IT Control Coverage
% Contingency Plan Coverage
% Anti-malware Coverage
% Anti-virus Coverage
% IAM / SSO Coverage
% CASB / DLP / DCAP Coverage
% EMM / MDM Coverage
# Unaddressed Risks & Severity
# Security Incidents
# Policy Violations
# Open Vulnerabilities
# Hours of Downtime
# Local Admin Users
# Policy Exceptions
# Privileged Accounts
# Hours to Remediate Security Incidents
# Firewall Rule Changes