It steering committee meeting security operations center
Sponsored Links
This presentation is the property of its rightful owner.
1 / 14

IT Steering Committee Meeting Security Operations Center PowerPoint PPT Presentation


  • 333 Views
  • Uploaded on
  • Presentation posted in: General

IT Steering Committee Meeting Security Operations Center. Thursday, January 23, 2014 10:00 am – 11: 3 0 a m. Agenda. Cyber Security Center of Excellence Project Phase Implementation Next Steps. State of Hawaii’s Transformation Programs. Security Operations Center.

Download Presentation

IT Steering Committee Meeting Security Operations Center

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


IT Steering Committee MeetingSecurity Operations Center

Thursday, January 23, 2014

10:00 am – 11:30 am


Agenda

  • Cyber Security Center of Excellence

  • Project Phase

  • Implementation

  • Next Steps


State of Hawaii’s Transformation Programs


Security Operations Center

Mission Statement:“To enhance the cyber security posture of the Hawaii State Government through continuous monitoring to proactively identify, isolate and manage security incidents thereby reducing the risks from potential cyber threats.”


Project Phase

4 Phased Approach


Implementation - Security Devices


Implementation

Lessons Learned

Detect

Analyze

Respond

Recover

Integration

Process

Training

Enterprise-Wide Incident Response Plan


Implementation - Detect

  • Detection through ArcSight

    • Detect intrusions at perimeter, internal network, hosts, applications


Implementation - Analyze

  • Detailed Analysis with LiveAction

    • Determine severity, scope, business impact


Implementation - Analyze

  • Initial Cyber Incident Report

    • Notification to Business and Program Owners


Implementation - Respond

  • Response Options

    • Can stop attack at perimeter, access layer, host, or somewhere in between


Implementation - Recover

  • Recover systems to normal state

    • Includes threat removal, damage assessment, forensics, reporting and lessons learned

  • Plan the Recovery

  • Collect Incident Data

  • Cleanup & Recovery of Incident

  • Forensics - Reconstruct

  • Damage & Cost assessment

  • Revise plan & response

  • Complete post-incident analysis and reporting

  • Reporting internally & to authorities


Implementation – Verify and Validate

  • Ensure mitigation efforts were successful

    • Watch-list monitoring with multiple Cyber Tools


Next Steps

  • Continue Server Categorization

  • Defining use cases for Alerting, Reporting and Dashboards in ArcSight

  • Continue Adversary Hunting

  • Continued Ingestion of Devices (Servers, Databases, Routers, Switches, Security Systems)

  • Begin Enterprise-Wide Incident Response Program Development

  • Thank You


  • Login