researchsoc iu edu thank you for attending our webinar
play

researchsoc.iu.edu Thank you for attending. Our webinar will begin - PowerPoint PPT Presentation

Oct 06, 2022 •153 likes •461 views

researchsoc.iu.edu Thank you for attending. Our webinar will begin shortly. Building a Security Exercise Program Josh Drake Senior Security Analyst, Indiana University Center for Applied Cybersecurity Research Housekeeping All

  1. researchsoc.iu.edu Thank you for attending. Our webinar will begin shortly.

  2. Building a Security Exercise Program Josh Drake Senior Security Analyst, Indiana University Center for Applied Cybersecurity Research

  3. Housekeeping ● All participants are on mute. ● Ask your questions via the Q&A feature. ● We will record this webinar and provide a link. ● Slides will also be made available. ● Tech troubles? Sign out and back in.

  4. Building a Security Exercise Program Josh Drake Senior Security Analyst, Indiana University Center for Applied Cybersecurity Research

  5. What causes failure? How can we improve our detection and • Missing Information response systems to address the issues • Multiple concurrent problems most likely to cause loss of confidentiality, • Inability to Detect or Respond integrity or access to our data? • Incorrect Information • Incomplete Information

  6. Any person can invent a security system so clever that she or he can't think of how to break it. -Schneier’s Law

  7. Imperfect Information • New updates/controls What “facts” do we know about our organization but haven’t tested ? • Untested critical processes • Logical or policy oversights How closely are our policies tied to the • Are policies focused on organizational realities of our organization’s operations ? goals?

  8. What is a security exercise? • Helps us to get better at dealing with A tool to help us find and correct errant things that (hopefully) rarely happen. assumptions about our organization’s • Tells us if our policies are effective. security. • Reveals the assumptions we have made that don’t line up with reality. • Creates elasticity in our thinking about how we respond to problems.

  9. How do we find out? Security Exercise Programs A series of security exercises we run to • It is iterative continually improve our policies and • It reinforces good behaviors processes and prepare our team for • It corrects bad behaviors responding to real issues. • Prepares for response stress • Improves coordination

  10. Prerequisites ● What are you protecting and why? These can be simple documents, the ○ Inventory important thing is that they exist as a ○ Priorities starting point for iterating on your program. ● How are you going to achieve those goals? ○ Policies “We will ensure data integrity while ensuring ○ Procedures maximum availability for our researchers” ● Who will do what during and incident? “During an incident the CISO will be authorized ○ Defined responsibilities to…” ○ Assigned to the role, not the individual

  11. Poll: What’s your experience with security exercises?

  12. Elements of a successful program ○ Regularity Exercises should be regular, repeatable, scalable and adaptable ○ Purpose and Focus Exercises should have a clear focus that is tailored for your organization ○ Preparation Exercises should be scheduled in advance, planned, and clearly communicated ○ Follow Through Knowledge gained in exercises should be reviewed and applied regularly

  13. Elements of a successful program ○ Regularity Exercises should be regular, repeatable, scalable and adaptable ○ Purpose and Focus Exercises should have a clear focus that is tailored for your organization ○ Preparation Exercises should be scheduled in advance, planned, and clearly communicated ○ Follow Through Knowledge gained in exercises should be reviewed and applied regularly

  14. Elements of a successful program ○ Regularity Exercises should be regular, repeatable, scalable and adaptable ○ Purpose and Focus Exercises should have a clear focus that is tailored for your organization ○ Preparation Exercises should be scheduled in advance, planned, and clearly communicated ○ Follow Through Knowledge gained in exercises should be reviewed and applied regularly

  15. Elements of a successful program ○ Regularity Exercises should be regular, repeatable, scalable and adaptable ○ Purpose and Focus Exercises should have a clear focus that is tailored for your organization ○ Preparation Exercises should be scheduled in advance, planned, and clearly communicated ○ Follow Through Knowledge gained in exercises should be reviewed and applied regularly

  16. Elements of a successful program ○ Regularity Exercises should be regular, repeatable, scalable and adaptable ○ Purpose and Focus Exercises should have a clear focus that is tailored for your organization ○ Preparation Exercises should be scheduled in advance, planned, and clearly communicated ○ Follow Through Knowledge gained in exercises should be reviewed and applied regularly

  17. Poll: What key elements of a security program do you have in place?

  18. Types of Exercises Tabletop Exercise Real-time exercise where each organizational role walks through a hypothetical event together using the existing policies and procedures. Evaluation Exercises Exercises that explore, measure, or improve aspects of our documentation, inventory, resource availability and preparedness. Live Exercises Real-time exercise run in test or production environments to simulate potential security incidents.

  19. Tabletop Exercises Method A moderator creates a scenario and runs the participants through it, much like a tabletop RPG. “What do you do?” Requirements Use Case ● Moderator and a pre-written scenario ● Early program ● Means of communicating in real time. ● Lack of Resources ● Means of note taking and sharing at debrief ● Testing Policies and Procedures ● Defined roles and responsibilities for participants

  20. Evaluation Exercises Method Passive gathering of data about organization, documentation, infrastructure or policies. Requirements Use Cases ● At least one investigator ● Gathering Inventory ● Tools for gathering the type of data you are ● Building Risk Assessment looking for: port scanner, software inventory tools, ● Verifying documentation public IP addresses, etc

  21. Live Exercises Method Real-time environment exercises on test or production hardware. Can be run as White team v Blue team or Red team v Blue team Requirements Use Cases ● Two teams of participants ● Reinforcing human behavior ● Production or test environment ● Testing tools and software ● Defined expectations and boundaries ● Evaluating hardware ● Means of note taking and sharing at debrief ● Finding wrong assumptions

  22. Designing an Exercise ● Choose something to test that fits with the For tabletop scenarios decide how you purpose/focus of your organization’s security will present information to the program participants and get them thinking critically. ● Choose a type of exercise based on your resources and what you want to test For live scenarios think about how you can focus the objectives around the ● Write an outline of the exercise (tabletop/live) or systems and assumptions you want to develop a methodology for evaluative exercises. test.

  23. Running an Exercise ● Communicate the time and place of your • Take extensive notes during the exercise to participants (if any) ahead of exercise, ask participants to document time. their thoughts and reactions as well. ● Set a scope for the exercise, and define • Solicit feedback from participants success/fail states to participants at the start. • Iterate on your execution- document ● Provide Resources successes and failures

  24. Learning from an Exercise ● Conduct a debrief of the exercise as soon as • Revisit previous exercises to ensure possible in order to gather information as issues are being addressed and documented. accurately as possible. ● Generate a report defining what was done, how • Repeat failed exercises after an and the outcomes of the exercise. interval to test effectiveness of changes. ● Make recommendations to address failures or obstacles encountered while running the exercise

  25. For More Information List of example exercises http://go.iu.edu/2heq

  26. Poll: Which additional security exercise webinars might you attend?

  27. Q & A

  28. Visit the ResearchSOC website : https://researchsoc.iu.edu/ Subscribe to the ResearchSOC announcements list: https://researchsoc.iu.edu/contact/index.html Read the ResearchSOC Blog: https://blogs.iu.edu/researchsoc/ Join our Community of Practice: https://ask.cyberinfrastructure.org/c/rsoc Follow ResearchSOC on Twitter @IUResearchSOC

  29. Webinars: Conferences: How to secure SCADA/ICS systems: Internet2 March 29-April 1 10 strategies that work February 20, 2020 3pm EST Educause SPC April 21-23 How to select and use operational cybersecurity metrics to make PEARC cybersecurity operations more effective July 26-30 March 19, 2020 3pm EST https://researchsoc.iu.edu/webinars

  30. Thank you! Additional Resources: Josh Drake Presentation adapted from “Security Exercises” article drakejc@iu.edu by Susan Sons from linuxjournal.com (Nov 2016) http://go.iu.edu/2c10 researchsoc.iu.edu We thank the National Science Foundation (grant 1840034) for supporting our work. The views and conclusions herein are those of the author and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the NSF.

Recommend

researchsoc.iu.edu Thank you for attending. The webinar will begin shortly. JUNE 25, 2020

researchsoc.iu.edu Thank you for attending. The webinar will begin shortly. JUNE 25, 2020

researchsoc.iu.edu Thank you for attending. The webinar will begin shortly. JUNE 25, 2020 Strategies for Better Incident Response ResearchSOC Webinar Series Research Security Operations Center The NSF Collaborative Security Response Center

458 views • 26 slides
Webinar FAQ Thank you for attending our webinar series and for submitting questions to our

Webinar FAQ Thank you for attending our webinar series and for submitting questions to our

Webinar FAQ Thank you for attending our webinar series and for submitting questions to our speakers. We are grateful to all of you for your contribution to our national effort in diagnostics. While it is not possible for all questions to be

196 views • 6 slides
2:00 PM 3:30 PM Thank you for attending! Preferred audio through computer

2:00 PM 3:30 PM Thank you for attending! Preferred audio through computer

Arizona Heat Season 2020 Recap Webinar December 3, 2020 2:00 PM 3:30 PM Thank you for attending! Preferred audio through computer microphone/speaker Alternate audio available through phone This webinar is being recorded. Slide

960 views • 85 slides
I would like to thank everyone for attending todays webinar presentation covering the LEP

I would like to thank everyone for attending todays webinar presentation covering the LEP

I would like to thank everyone for attending todays webinar presentation covering the LEP Program Survey, which is a data set collected during PIMS Collection 4 and also covering the ELL End of Year Counts PIMS Internal Snapshot. Before

1.25k views • 62 slides
Wel elcome to o the e CCIM4C Webinar S r Seri ries! Before we begin, please type in your

Wel elcome to o the e CCIM4C Webinar S r Seri ries! Before we begin, please type in your

Wel elcome to o the e CCIM4C Webinar S r Seri ries! Before we begin, please type in your first & last name and county in the chat bar. If there are several people attending the webinar from the same conference room/office/etc.,

544 views • 28 slides
Wel elcome to o the e CCIM4C Webinar S r Seri ries! Before we begin, please type in your

Wel elcome to o the e CCIM4C Webinar S r Seri ries! Before we begin, please type in your

Wel elcome to o the e CCIM4C Webinar S r Seri ries! Before we begin, please type in your first & last name and county in the chat bar. If there are several people attending the webinar from the same conference room/office/etc.,

599 views • 42 slides
2016 Rural Behavioral Health Webinar Series Examining Community Schools in Rural Communities

2016 Rural Behavioral Health Webinar Series Examining Community Schools in Rural Communities

2016 Rural Behavioral Health Webinar Series Examining Community Schools in Rural Communities August 31, 2016 Thank you for attending this webinar! It will begin shortly at 3:00 pm E.T. Welcome to Todays Webinar Audio Information: Dial

1.03k views • 64 slides
Second Call for Transformative Healthcare Technologies Briefing Webinar - Thursday 10 th September

Second Call for Transformative Healthcare Technologies Briefing Webinar - Thursday 10 th September

Second Call for Transformative Healthcare Technologies Briefing Webinar - Thursday 10 th September 2020 Welcome Thank you for attending The webinar will be recorded All material will be made available on the call webpage within one

833 views • 41 slides
Linda Fischer, Im an Educational Specialist with ESE and I will be presenting the webinar

Linda Fischer, Im an Educational Specialist with ESE and I will be presenting the webinar

Webinar: Local School Wellness Policies Thank you everyone for attending our webinar on Local Wellness Policies. My name is Linda Fischer, Im an Educational Specialist with ESE and I will be presenting the webinar today. Im joined today

623 views • 51 slides
bonus slides Don ont P Panic nic or how to survive a PhD Jilles V Vreeke ken

bonus slides Don ont P Panic nic or how to survive a PhD Jilles V Vreeke ken

bonus slides Don ont P Panic nic or how to survive a PhD Jilles V Vreeke ken Attending a Conference Attending a Conference Attending a Conference Attending a Conference Talk to people at all occasions after

603 views • 37 slides
2016 Rural Behavioral Health Webinar Series Developing Partnerships Between Juvenile Justice and

2016 Rural Behavioral Health Webinar Series Developing Partnerships Between Juvenile Justice and

2016 Rural Behavioral Health Webinar Series Developing Partnerships Between Juvenile Justice and Schools: Providing Mental Health Services in Rural Communities July 27, 2016 Thank you for attending this webinar! It will begin shortly at 3:00

457 views • 41 slides
WEBINAR SERIES COVID-19 LEGISLATIVE IMPACT AND SBA RESOURCES APRIL 3, 2020 Thank you for

WEBINAR SERIES COVID-19 LEGISLATIVE IMPACT AND SBA RESOURCES APRIL 3, 2020 Thank you for

NONPROFIT WEBINAR SERIES COVID-19 LEGISLATIVE IMPACT AND SBA RESOURCES APRIL 3, 2020 Thank you for attending! All attendees have been muted. The presentation will start at 1:00pm. Direct all your questions to the Q&A box. Who We Are

765 views • 43 slides
HCBS Settings Rule New Federal Rules for Home and Community-Based Services April 30, 2015

HCBS Settings Rule New Federal Rules for Home and Community-Based Services April 30, 2015

HCBS Settings Rule New Federal Rules for Home and Community-Based Services April 30, 2015 Attendance and Sign In If attending in person, please make sure you sign in If attending via webinar, please send an email to

335 views • 10 slides
2016 Rural Behavioral Health Webinar Series Addressing Maternal and Child Health in Military and

2016 Rural Behavioral Health Webinar Series Addressing Maternal and Child Health in Military and

2016 Rural Behavioral Health Webinar Series Addressing Maternal and Child Health in Military and Veteran Families: The Rural Perspective September 14, 2016, 3:00 - 4:30 p.m. Eastern Thank you for attending this webinar! It will begin shortly

767 views • 27 slides
Attention-based Networks M. Malinowski Why attention? Long term memories - attending to

Attention-based Networks M. Malinowski Why attention? Long term memories - attending to

Attention-based Networks M. Malinowski Why attention? Long term memories - attending to memories Dealing with gradient vanishing problem Exceeding limitations of a global representation Attending/focusing to smaller parts of

1.42k views • 47 slides
Welcome to our Webinar EXCITING TIMES FOR PEDIATRIC EMERGENCY MEDICINE 2 Moderator

Welcome to our Webinar EXCITING TIMES FOR PEDIATRIC EMERGENCY MEDICINE 2 Moderator

Welcome to our Webinar EXCITING TIMES FOR PEDIATRIC EMERGENCY MEDICINE 2 Moderator Michael Gerardi, MD, FAAP, FACEP Director, Pediatric Emergency Services, Atlantic Health System Attending, Department of Emergency Medicine,

493 views • 7 slides
Welcome the session, please also post them in the chat box. We will do our best to address them

Welcome the session, please also post them in the chat box. We will do our best to address them

Please post your organization, location, and role in the chat box. If additional people are attending the webinar with you, please post their first and last names as well. If you have questions or comments during Welcome the

538 views • 50 slides
Presentation to analysts and investors attending Precious Metals Summit Attached is a presentation

Presentation to analysts and investors attending Precious Metals Summit Attached is a presentation

Shareholder Information / 20 September 2018 Presentation to analysts and investors attending Precious Metals Summit Attached is a presentation by Stean Barrie, General Manager Technical Services, to analysts and investors attending the Precious

876 views • 46 slides
Webinar Information All participants Use the This webinar This webinar is lines are questions

Webinar Information All participants Use the This webinar This webinar is lines are questions

2020 Point-in-Time Count Planning for Communities December 12, 2019 1 Coalition on Homelessness and Housing in Ohio | 175 S. Third St. Suite 580 Columbus, OH 43215 Webinar Information All participants Use the This webinar This webinar is

722 views • 22 slides
Welcome and thank you for attending This meeting is being recorded Agenda

Welcome and thank you for attending This meeting is being recorded Agenda

Welcome and thank you for attending This meeting is being recorded Agenda Presentation Public Comment Meeting will end by 7:30 pm Additional comments may be mailed to 1867 West Market Street, Akron, OH 44313-6901or

198 views • 18 slides
In attending this years budget process meetings, the BTA has noted a number of things to be

In attending this years budget process meetings, the BTA has noted a number of things to be

The Town Center, Unit D4, 800 Rosser Avenue, Brandon, MB R7A 6N5 204 729-3141 www.btateach.com date: 26 February 2018 subject: BTA presentation to the Brandon School Division Board of Trustees on the 2018-2019 BSD budget In attending this

259 views • 4 slides
We Welcome ome Thank you for attending! Special thank you to Dr. David A. Williams, Dr. Patrick

We Welcome ome Thank you for attending! Special thank you to Dr. David A. Williams, Dr. Patrick

We Welcome ome Thank you for attending! Special thank you to Dr. David A. Williams, Dr. Patrick Barko, and of course Madelon Hale and her friends and family. Olesia Kennedy, Pres & Founder of Epi4Dogs Foundation Inc, a 501c3 non-profit

501 views • 29 slides
Please be aware that this session is being recorded. If you are attending remotely, please be

Please be aware that this session is being recorded. If you are attending remotely, please be

Please be aware that this session is being recorded. If you are attending remotely, please be sure your microphone is on Mute . Todays Agenda Welcome and OSP Staff Introductions Uniform Guidance: Procurement Requirements IRES

596 views • 33 slides
Overlay Analysis as a Method Understanding Overlay Analysis

Overlay Analysis as a Method Understanding Overlay Analysis

Synthesis Presentation Using Overlay Analysis as a Tool to Identify Restoration Opportunities for Coho Salmon TRFRP Campbell Creek Pilot Project April 26 2018 SLIDE 2 Welcome everyone and thank you for attending this webinar. My name is

314 views • 17 slides

More recommend