SlideShare a Scribd company logo

Purple seven-ntxissacsc5 walcutt

Download as PPTX, PDF
North Texas Chapter of the ISSA
North Texas Chapter of the ISSA

NTXISSACSC5

Internet
1 of 27
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Tabletop exercises ARE more fun than setting fires Christopher Walcutt, CISM, CISSP Director DirectDefense 11/11/2017
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Why Tabletop? 2 This Photo by Unknown Author is licensed under CC BY-NC-SA
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 How? 3
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Why Now? 4 This Photo by Unknown Author is licensed under CC BY-NC-SA Information Sharing
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What to Expect? 5 Simulated exercise Designed to challenge Foster interaction and communication across organizations Coordinated physical and cyber attacks Practice, Practice, Practice!Check your readiness KNOW the phases
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Who’s involved? 6 Planning (Security/Business Continuity) Business HR Execs Physical Security Corp Comms IT
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 How it works? 7
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 You are not alone 8
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Expectations of you 9 Full two day commitment Need buy-in and support from management to participate No “day job” activities during the exercise Teamwork is key Be prepared to learn and teach Most scenarios will require multiple disciplines/skill sets Scenarios will change during the course of the day Effective communication is essential
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What to Expect? 10 • Post meeting discussions • Establish Incident Command Structure positions • Determine future meeting schedule • Where, when, and how long to meet • Determine how communications will be handled • SharePoint or other appropriate site • Identify other groups needed to participate • Continue to mature the exercise • Metrics • Simulations • Advanced Attack Methods • Increased Information Protection
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What to Expect? 11
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Incident Reporting 12 • Regulators • Industry ISACs (REN-ISAC, FS-ISAC, E-ISAC) • Timing Requirements • Interface with third parties • Contractual Requirements • Insurance Requirements • Outside Counsel
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What the MSEL? 13 Injects are scenarios They appear quickly and overlap Designed to test and may induce stress Beware the modifiers Take notes Stay engaged Phone a friend Use the facilitator
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Resource Planning (Timing) 14 ` Phase 2 5 10 15 20 25 30 35 40 45 50 55 60 Technical Operations Physical Phase 3 5 10 15 20 25 30 35 40 45 50 55 60 Technical Operations Physical Phase 4 5 10 15 20 25 30 35 40 45 50 55 60 Technical Operations Physical
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Resource Planning (Effort) 15 Day Move Inject Technical Operations Physical Group Interaction Start Time (minutes) Day 1 Move 1 NERC 1.3 1 2 2 Technical contacts others T-0 Hold other inject sheets NERC 1.3.2 3 0 0 None T-5 NERC 1.5 0 0 3 None T-10 NERC 1.8 2 3 3 Coordination required T-20 Ties to NERC 1.5 NERC 1.4 2 0 0 None T-30 NERC 1.11 3 0 0 None T-0 Ties to NERC 1.8 NERC 1.7 2 3 0 Coordination required T-0 SOC Breach 1 0 0 5 None T-0 TBD NERC 1.5.1 NERC 1.5.2 2 3 4 Coordination required T-30 Move 2 NERC 2.1 1 2 0 Technical contacts Operations T-0 Hold Operations inject sheets NERC 2.19 0 0 3 None T-0 NERC 2.7 2 2 0 Technical contacts Operations T-15 Hold Operations inject sheets; ties to NERC 1.11 NERC 2.4 2 3 0 Operations contacts Technical T-30 Hold Technical inject sheets NERC 2.8 2 3 2 Coordination required T-40 SOC Breach 2 0 0 5 None T-0 NERC 2.1.1 4 2 0 Coordination required T-0 NERC 2.4.1 1 2 0 Coordination required T-10 NERC 2.12 3 2 3 Operations contacts others T-30 Hold other inject sheets NERC 2.17 3 0 0 None T-45 Day 2 Move 3 NERC 3.2.1 2 2 2 None T-0 Remind teams of personnel limitations incurred NERC 3.11 2 0 0 None T-10 Remind teams of resource limitations incurred NERC 3.12 2 3 3 Coordination required T-10 Damage ties to NERC 2.7 NERC 3.12.1 3 3 2 Coordination required T-15 NERC 3.5.1 4 4 3 Coordination required T-30 NERC 3.9 3 2 0 Coordination required T-0 NERC 3.14 2 2 3 Coordination required T-10 Dependent on documented processes NERC 3.10 1 0 0 None T-20 NERC 3.13 3 3 2 Coordination required T-30 Move 4 NERC 4.2.1 3 2 2 Coordination required T-0 NERC 4.3 2 4 0 Coordination required T-10 SOC Breach 3 0 0 5 None T-10 TBD NERC 4.5 2 2 0 Coordination required T-20 NERC 4.7 1 0 2 Coordination required T-30 NERC 4.6 2 2 0 Coordination required T-30 NERC 4.8 2 4 0 Coordination required T-40 Estimated Effort Level Phase 2 0 Inject does not apply to group Phase 3 1 Minimal effort; 5 minutes Phase 4 2 10 minutes Phase 5 3 Moderate effort; 15 minutes Phase 6 4 20 minutes Phase 7 5 Extreme effort; 30+ minutes Borders indicate breaks
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Resource Planning (Count) 16 Move 1 P2 Move 1 P3 Move 2 P4 Move 2 P5 Move 3 Move 4 Technical 4 3.5 4 4 9 6 Operations 2 2.5 4 3 7 5 Physical 3 2.5 2 2 6 3 0 1 2 3 4 5 6 7 8 9 10 Move 1 P2 Move 1 P3 Move 2 P4 Move 2 P5 Move 3 Move 4 Physical Operations Technical
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Roles •Interfaces directly with the AC •Coordinates incident response activities •Empowered to make departmental decisions Deputy Incident Commander (D-IC) •Fills the same role as the D-IC Backup Deputy Incident Commander •Collects, evaluates, and disseminates information •Maintains intelligence on the situation •Maintains and monitors status of resources assigned to the incident •Coordinates department on-call and schedule rotations, vendor services Planning Section Chief (P-SC) •Manages on-scene tactical operations goals •Goals relate to mitigation/remediation, protection and control •Collect and preserve data •Liaison between incident personnel and D-IC Operations Section Chief (O-SC) 17
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 ACTIVATING THE SIRT 18 SIRT must be contacted when the incident classification table is utilized! State Public Commission Committee must be notified if incidents meet CIP parameters!
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 DOCUMENT STRUCTURE 19 • UIRP: • This document addresses cyber and physical security events affecting corporate assets which may negatively impact the risk posture of the corporation • This document covers a corporate-level framework; individual departments are responsible for creating detailed procedures • Personnel involved in this framework are part of the IUSAN Incident Command System (ICS) • ICS: • A two-tiered command structure coordinated at a company level by the Area Command layer and specific division level activities carried out by the Incident Command layer • Enacted for physical and cyber incidents that are not related to storms • The UIRP document and ICS structure must meet requirements laid out by: • National Institute of Standards and Technology (SP 800-61 Rev 2, SP 800-122) • International Organization for Standardization ISO/IEC 27035:2011 • North American Electric Reliability Corporation CIP-008-5 • Sarbanes-Oxley Act of 2002
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 ICS 20
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 REPORTING WORKFLOW 21
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 BOOM 22
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 LESSONS LEARNED 23 Normal Operations & Contingency Planning Incident Response Training Information Sharing Security Clearances Off-hours Support from Spain Event Notification, Discussions, and Training OT Backbone Network Monitoring Electric Operations Resource Prioritization SDLC with Security Focus Resourcing During Events Corporate Mechanism for Lessons Learned Paper Copies of Procedures (Go Bags) Hot Line Phones Criteria for IT / OT Network Disconnect Reviewing Recent Alerts / Past Events Talking Points for PLO / PIO Execs Data Owner / Data Custodian First Responder Training / Forensics Notification Sharing & Repository Notification Triggers Central Inventory Repository Estimated Time to Recovery Asset Classification Data Retention Baseline Configuration People Process Technology
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 LESSONS LEARNED PLANNING 24 Post Exercise – 5-Year Development Plan
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 PRIORITIZATION 25
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 TRACKING 26
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 27 Thank you cwalcutt@directdefense.com 410-207-9117

Recommended

Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5North Texas Chapter of the ISSA
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
How to protect my cloud workload from Ransomware?
How to protect my cloud workload from Ransomware?How to protect my cloud workload from Ransomware?
How to protect my cloud workload from Ransomware?Raphael Bottino
 
TRISIS in Perspective
TRISIS in PerspectiveTRISIS in Perspective
TRISIS in PerspectiveDragos, Inc.
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain OpenDNS
 
Cybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingCybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingDavid Fry
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 

Recommended

Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5North Texas Chapter of the ISSA
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
How to protect my cloud workload from Ransomware?
How to protect my cloud workload from Ransomware?How to protect my cloud workload from Ransomware?
How to protect my cloud workload from Ransomware?Raphael Bottino
 
TRISIS in Perspective
TRISIS in PerspectiveTRISIS in Perspective
TRISIS in PerspectiveDragos, Inc.
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain OpenDNS
 
Cybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingCybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingDavid Fry
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNorth Texas Chapter of the ISSA
 
Présentation kaspersky threat intelligence services
Présentation kaspersky threat intelligence servicesPrésentation kaspersky threat intelligence services
Présentation kaspersky threat intelligence servicesANSItunCERT
 
The Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsThe Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsKaspersky
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) Dragos, Inc.
 
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...North Texas Chapter of the ISSA
 
NTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & MitigationNTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & MitigationNorth Texas Chapter of the ISSA
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacksKaspersky
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions Dragos, Inc.
 
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)Priyanka Aash
 
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3North Texas Chapter of the ISSA
 
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JSFestUA
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloudPriyanka Aash
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy BeyondTrust
 
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...North Texas Chapter of the ISSA
 
NTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNorth Texas Chapter of the ISSA
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos, Inc.
 
NTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic FailuresNTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic FailuresNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNorth Texas Chapter of the ISSA
 

More Related Content

What's hot

Présentation kaspersky threat intelligence services
Présentation kaspersky threat intelligence servicesPrésentation kaspersky threat intelligence services
Présentation kaspersky threat intelligence servicesANSItunCERT
 
The Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsThe Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsKaspersky
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) Dragos, Inc.
 
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...North Texas Chapter of the ISSA
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacksKaspersky
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions Dragos, Inc.
 
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)Priyanka Aash
 
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3North Texas Chapter of the ISSA
 
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JSFestUA
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloudPriyanka Aash
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy BeyondTrust
 
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...North Texas Chapter of the ISSA
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos, Inc.
 

What's hot (20)

NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
 
Présentation kaspersky threat intelligence services
Présentation kaspersky threat intelligence servicesPrésentation kaspersky threat intelligence services
Présentation kaspersky threat intelligence services
 
The Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsThe Duqu 2.0: Technical Details
The Duqu 2.0: Technical Details
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI)
 
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
 
NTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & MitigationNTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & Mitigation
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacks
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions
 
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
 
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
 
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloud
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
 
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
 
NTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-Virus
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and Right
 
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
 
NTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic FailuresNTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic Failures
 

Similar to Purple seven-ntxissacsc5 walcutt

Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNorth Texas Chapter of the ISSA
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...North Texas Chapter of the ISSA
 
SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco Splunk
 
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionCisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionSplunk
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNorth Texas Chapter of the ISSA
 
Cisco Connect Toronto - Digital Conference Guide
Cisco Connect Toronto - Digital Conference GuideCisco Connect Toronto - Digital Conference Guide
Cisco Connect Toronto - Digital Conference GuideCisco Canada
 
SplunkLive! Utrecht 2017 - ASML Customer Presentation
SplunkLive! Utrecht 2017 - ASML Customer PresentationSplunkLive! Utrecht 2017 - ASML Customer Presentation
SplunkLive! Utrecht 2017 - ASML Customer PresentationSplunk
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNorth Texas Chapter of the ISSA
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assuranceNur Shiqim Chok
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats FasterForce 3
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
Cisco Connect Ottawa 2018 data centre security
Cisco Connect Ottawa 2018 data centre securityCisco Connect Ottawa 2018 data centre security
Cisco Connect Ottawa 2018 data centre securityCisco Canada
 
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornEric Andresen
 

Similar to Purple seven-ntxissacsc5 walcutt (20)

Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompson
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
 
SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco
 
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionCisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
 
Cisco Connect Toronto - Digital Conference Guide
Cisco Connect Toronto - Digital Conference GuideCisco Connect Toronto - Digital Conference Guide
Cisco Connect Toronto - Digital Conference Guide
 
SplunkLive! Utrecht 2017 - ASML Customer Presentation
SplunkLive! Utrecht 2017 - ASML Customer PresentationSplunkLive! Utrecht 2017 - ASML Customer Presentation
SplunkLive! Utrecht 2017 - ASML Customer Presentation
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
 
Ntxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliencyNtxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliency
 
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
[Cisco Connect 2018 - Vietnam] Yedu s. introducing cisco dna assurance
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats Faster
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Cisco Connect Ottawa 2018 data centre security
Cisco Connect Ottawa 2018 data centre securityCisco Connect Ottawa 2018 data centre security
Cisco Connect Ottawa 2018 data centre security
 
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
 
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersenNtxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
 

More from North Texas Chapter of the ISSA

Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNorth Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...North Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finneyNtxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finneyNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...North Texas Chapter of the ISSA
 
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green GameNTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green GameNorth Texas Chapter of the ISSA
 

More from North Texas Chapter of the ISSA (17)

Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediation
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
 
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykesNtxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
 
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finneyNtxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
 
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New World
 
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
 
NTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan Horse
 
NTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of DiscoveryNTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of Discovery
 
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
 
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
 
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green GameNTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
 

Recently uploaded

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxBipin Adhikari
 

Recently uploaded (20)

Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptx
 

Purple seven-ntxissacsc5 walcutt

  • 1. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Tabletop exercises ARE more fun than setting fires Christopher Walcutt, CISM, CISSP Director DirectDefense 11/11/2017
  • 2. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Why Tabletop? 2 This Photo by Unknown Author is licensed under CC BY-NC-SA
  • 3. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 How? 3
  • 4. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Why Now? 4 This Photo by Unknown Author is licensed under CC BY-NC-SA Information Sharing
  • 5. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What to Expect? 5 Simulated exercise Designed to challenge Foster interaction and communication across organizations Coordinated physical and cyber attacks Practice, Practice, Practice!Check your readiness KNOW the phases
  • 6. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Who’s involved? 6 Planning (Security/Business Continuity) Business HR Execs Physical Security Corp Comms IT
  • 7. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 How it works? 7
  • 8. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 You are not alone 8
  • 9. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Expectations of you 9 Full two day commitment Need buy-in and support from management to participate No “day job” activities during the exercise Teamwork is key Be prepared to learn and teach Most scenarios will require multiple disciplines/skill sets Scenarios will change during the course of the day Effective communication is essential
  • 10. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What to Expect? 10 • Post meeting discussions • Establish Incident Command Structure positions • Determine future meeting schedule • Where, when, and how long to meet • Determine how communications will be handled • SharePoint or other appropriate site • Identify other groups needed to participate • Continue to mature the exercise • Metrics • Simulations • Advanced Attack Methods • Increased Information Protection
  • 11. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What to Expect? 11
  • 12. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Incident Reporting 12 • Regulators • Industry ISACs (REN-ISAC, FS-ISAC, E-ISAC) • Timing Requirements • Interface with third parties • Contractual Requirements • Insurance Requirements • Outside Counsel
  • 13. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 What the MSEL? 13 Injects are scenarios They appear quickly and overlap Designed to test and may induce stress Beware the modifiers Take notes Stay engaged Phone a friend Use the facilitator
  • 14. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Resource Planning (Timing) 14 ` Phase 2 5 10 15 20 25 30 35 40 45 50 55 60 Technical Operations Physical Phase 3 5 10 15 20 25 30 35 40 45 50 55 60 Technical Operations Physical Phase 4 5 10 15 20 25 30 35 40 45 50 55 60 Technical Operations Physical
  • 15. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Resource Planning (Effort) 15 Day Move Inject Technical Operations Physical Group Interaction Start Time (minutes) Day 1 Move 1 NERC 1.3 1 2 2 Technical contacts others T-0 Hold other inject sheets NERC 1.3.2 3 0 0 None T-5 NERC 1.5 0 0 3 None T-10 NERC 1.8 2 3 3 Coordination required T-20 Ties to NERC 1.5 NERC 1.4 2 0 0 None T-30 NERC 1.11 3 0 0 None T-0 Ties to NERC 1.8 NERC 1.7 2 3 0 Coordination required T-0 SOC Breach 1 0 0 5 None T-0 TBD NERC 1.5.1 NERC 1.5.2 2 3 4 Coordination required T-30 Move 2 NERC 2.1 1 2 0 Technical contacts Operations T-0 Hold Operations inject sheets NERC 2.19 0 0 3 None T-0 NERC 2.7 2 2 0 Technical contacts Operations T-15 Hold Operations inject sheets; ties to NERC 1.11 NERC 2.4 2 3 0 Operations contacts Technical T-30 Hold Technical inject sheets NERC 2.8 2 3 2 Coordination required T-40 SOC Breach 2 0 0 5 None T-0 NERC 2.1.1 4 2 0 Coordination required T-0 NERC 2.4.1 1 2 0 Coordination required T-10 NERC 2.12 3 2 3 Operations contacts others T-30 Hold other inject sheets NERC 2.17 3 0 0 None T-45 Day 2 Move 3 NERC 3.2.1 2 2 2 None T-0 Remind teams of personnel limitations incurred NERC 3.11 2 0 0 None T-10 Remind teams of resource limitations incurred NERC 3.12 2 3 3 Coordination required T-10 Damage ties to NERC 2.7 NERC 3.12.1 3 3 2 Coordination required T-15 NERC 3.5.1 4 4 3 Coordination required T-30 NERC 3.9 3 2 0 Coordination required T-0 NERC 3.14 2 2 3 Coordination required T-10 Dependent on documented processes NERC 3.10 1 0 0 None T-20 NERC 3.13 3 3 2 Coordination required T-30 Move 4 NERC 4.2.1 3 2 2 Coordination required T-0 NERC 4.3 2 4 0 Coordination required T-10 SOC Breach 3 0 0 5 None T-10 TBD NERC 4.5 2 2 0 Coordination required T-20 NERC 4.7 1 0 2 Coordination required T-30 NERC 4.6 2 2 0 Coordination required T-30 NERC 4.8 2 4 0 Coordination required T-40 Estimated Effort Level Phase 2 0 Inject does not apply to group Phase 3 1 Minimal effort; 5 minutes Phase 4 2 10 minutes Phase 5 3 Moderate effort; 15 minutes Phase 6 4 20 minutes Phase 7 5 Extreme effort; 30+ minutes Borders indicate breaks
  • 16. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Resource Planning (Count) 16 Move 1 P2 Move 1 P3 Move 2 P4 Move 2 P5 Move 3 Move 4 Technical 4 3.5 4 4 9 6 Operations 2 2.5 4 3 7 5 Physical 3 2.5 2 2 6 3 0 1 2 3 4 5 6 7 8 9 10 Move 1 P2 Move 1 P3 Move 2 P4 Move 2 P5 Move 3 Move 4 Physical Operations Technical
  • 17. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Roles •Interfaces directly with the AC •Coordinates incident response activities •Empowered to make departmental decisions Deputy Incident Commander (D-IC) •Fills the same role as the D-IC Backup Deputy Incident Commander •Collects, evaluates, and disseminates information •Maintains intelligence on the situation •Maintains and monitors status of resources assigned to the incident •Coordinates department on-call and schedule rotations, vendor services Planning Section Chief (P-SC) •Manages on-scene tactical operations goals •Goals relate to mitigation/remediation, protection and control •Collect and preserve data •Liaison between incident personnel and D-IC Operations Section Chief (O-SC) 17
  • 18. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 ACTIVATING THE SIRT 18 SIRT must be contacted when the incident classification table is utilized! State Public Commission Committee must be notified if incidents meet CIP parameters!
  • 19. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 DOCUMENT STRUCTURE 19 • UIRP: • This document addresses cyber and physical security events affecting corporate assets which may negatively impact the risk posture of the corporation • This document covers a corporate-level framework; individual departments are responsible for creating detailed procedures • Personnel involved in this framework are part of the IUSAN Incident Command System (ICS) • ICS: • A two-tiered command structure coordinated at a company level by the Area Command layer and specific division level activities carried out by the Incident Command layer • Enacted for physical and cyber incidents that are not related to storms • The UIRP document and ICS structure must meet requirements laid out by: • National Institute of Standards and Technology (SP 800-61 Rev 2, SP 800-122) • International Organization for Standardization ISO/IEC 27035:2011 • North American Electric Reliability Corporation CIP-008-5 • Sarbanes-Oxley Act of 2002
  • 20. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 ICS 20
  • 21. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 REPORTING WORKFLOW 21
  • 22. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 BOOM 22
  • 23. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 LESSONS LEARNED 23 Normal Operations & Contingency Planning Incident Response Training Information Sharing Security Clearances Off-hours Support from Spain Event Notification, Discussions, and Training OT Backbone Network Monitoring Electric Operations Resource Prioritization SDLC with Security Focus Resourcing During Events Corporate Mechanism for Lessons Learned Paper Copies of Procedures (Go Bags) Hot Line Phones Criteria for IT / OT Network Disconnect Reviewing Recent Alerts / Past Events Talking Points for PLO / PIO Execs Data Owner / Data Custodian First Responder Training / Forensics Notification Sharing & Repository Notification Triggers Central Inventory Repository Estimated Time to Recovery Asset Classification Data Retention Baseline Configuration People Process Technology
  • 24. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 LESSONS LEARNED PLANNING 24 Post Exercise – 5-Year Development Plan
  • 25. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 PRIORITIZATION 25
  • 26. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 TRACKING 26
  • 27. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 27 Thank you cwalcutt@directdefense.com 410-207-9117