It steering committee meeting security operations center
Download
1 / 14

IT Steering Committee Meeting Security Operations Center - PowerPoint PPT Presentation


  • 392 Views
  • Uploaded on

IT Steering Committee Meeting Security Operations Center. Thursday, January 23, 2014 10:00 am – 11: 3 0 a m. Agenda. Cyber Security Center of Excellence Project Phase Implementation Next Steps. State of Hawaii’s Transformation Programs. Security Operations Center.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' IT Steering Committee Meeting Security Operations Center' - karah


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
It steering committee meeting security operations center

IT Steering Committee MeetingSecurity Operations Center

Thursday, January 23, 2014

10:00 am – 11:30 am


Agenda

  • Cyber Security Center of Excellence

  • Project Phase

  • Implementation

  • Next Steps



Security Operations Center

Mission Statement:“To enhance the cyber security posture of the Hawaii State Government through continuous monitoring to proactively identify, isolate and manage security incidents thereby reducing the risks from potential cyber threats.”


Project Phase

4 Phased Approach



Implementation

Lessons Learned

Detect

Analyze

Respond

Recover

Integration

Process

Training

Enterprise-Wide Incident Response Plan


Implementation - Detect

  • Detection through ArcSight

    • Detect intrusions at perimeter, internal network, hosts, applications


Implementation - Analyze

  • Detailed Analysis with LiveAction

    • Determine severity, scope, business impact


Implementation - Analyze

  • Initial Cyber Incident Report

    • Notification to Business and Program Owners


Implementation - Respond

  • Response Options

    • Can stop attack at perimeter, access layer, host, or somewhere in between


Implementation - Recover

  • Recover systems to normal state

    • Includes threat removal, damage assessment, forensics, reporting and lessons learned

  • Plan the Recovery

  • Collect Incident Data

  • Cleanup & Recovery of Incident

  • Forensics - Reconstruct

  • Damage & Cost assessment

  • Revise plan & response

  • Complete post-incident analysis and reporting

  • Reporting internally & to authorities


Implementation – Verify and Validate

  • Ensure mitigation efforts were successful

    • Watch-list monitoring with multiple Cyber Tools


Next Steps

  • Continue Server Categorization

  • Defining use cases for Alerting, Reporting and Dashboards in ArcSight

  • Continue Adversary Hunting

  • Continued Ingestion of Devices (Servers, Databases, Routers, Switches, Security Systems)

  • Begin Enterprise-Wide Incident Response Program Development

  • Thank You


ad