
GS/OAS Approach to Information Security Architecture

This document outlines the GS/OAS approach to information security architecture, focusing on major data breaches in the last 5 years and Gartner's top security and risk management trends. It provides figures, strategic plans, and key initiatives to enhance information security. The document also highlights the importance of machine learning, phishing detection, centralized logs and correlation, personnel cyber security, mobile lab, and cyber attack threat mapping.

lnewberry

Presentation Transcript


  1. GS/OAS Approach to Information Security Architecture
     SAF/DOITS Department of Information and Technology Services
     April, 2019

  2. Major Data Breaches in the last 5 years

  3. Current Information Security Scenario

  4. Gartner’s Top Security and Risk Management Trends
     • The velocity and creativity of attacks will continue to grow, and attackers will exploit a variety of tools, tactics and techniques against an ever-increasing diversity of targets to achieve a growing range of goals.
     • The security skills gap will persist, abetted by an ever-increasing complexity in IT systems and the security tools used to protect IT systems.
     • Device and endpoint diversity will continue to grow due to IoT and mobile accelerators.

  5. DOITS in Figures

  6. SAF/DOITS Strategic Plan

  7. SAF/DOITS Strategic Plan
     Information Security Section
     • 2009
     • Information Security Architecture
     • Real Time Monitoring Architecture
     • 2010-2018
     • Information Security Architecture Enhancements
     • Cyber Attack Threat Map
     • Security Management Interface
     • DHS AIS (Automated Indicator Sharing)
     • Security Intelligence Threat
     • Program Collaboration

  8. GS/OAS Information Security in Figures
     [Figure: timeline chart, 2006 to 2019. Labels recovered from the slide, in extraction order:]
     • Information Security Architecture, Machine Learning, Phishing Detection, Centralized Logs and Correlation, Personnel Cyber Security, Mobile Lab, Cyber Attacks Threat Map, DHS Automated Indicator Sharing, Sandboxing
     • Cyber Security Events Analyzed
     • Web Server Compromise Oracle EBS End of Life Slow Internet Secure Web Gateway Outdated Firewall End of Life WannaCry Ransomware Windows XP End of Life Firewall End of Life
     • Incidents Security Breach April 2008
     • Staff Personnel Funds Allocated Consultants
     • Lease Firewall Update $150,000
     • Reinforcement for Secure Web Gateway Update $105,000
     • CIDA Fund Canada $200,000

  9. OAS Realtime Cyber Attacks Threat Map

  10. OAS Realtime Cyber Attacks Threat Map

  11. Information Security Awareness Program
     • Information Security Bulletins
     • Information Security Awareness Presentations to Interns

  12. GS/OAS Information Technology Known Risks and Threats Matrix

  13. GS/OAS Information Technology Unknown Risks and Threats
     Unknown Risks and Threats
     Annual Assessment Budget ~$30,000
     • Strategic Penetration Testing: An attack on a target system that escalates privileges and pivots to other systems to discover sensitive information. The deliverable is an evaluation of the security posture of the systems.
     • Application Testing: A set of activities to find vulnerabilities in software (OWASP Top 10) to enhance the quality of the business applications.
     • Red Team: An all-out attack to gain access to an organization’s digital infrastructure and test the defense response of the organization to the attack. The deliverable provides a plan on how to improve the responsiveness to an attack.
     • Baseline Assessment - Vulnerability Assessments: Establish the risk baseline by performing: external/internal/wireless assessment, device hardening, remote access, social engineering, physical security, web applications and penetration testing.
     • Social Engineering: Tests the weakest part of the organization – the human - by manipulating individuals to provide confidential or personal information through phishing and impersonation type attacks.

  14. Conclusion
     • Ever evolving and complex Information Security threat landscape
     • Increased risk of GS/OAS data being compromised.
     • Information Security Budget Fund is needed.

  15. GS/OAS Approach to Information Security Architecture
     SAF/DOITS Department of Information and Technology Services
     April, 2019
