IT Steering Committee Meeting Security Operations Center

Presentation Transcript

  1. IT Steering Committee Meeting – Security Operations Center
     Thursday, January 23, 2014, 10:00 am – 11:30 am

  2. Agenda
     • Cyber Security Center of Excellence
     • Project Phase
     • Implementation
     • Next Steps

  3. State of Hawaii’s Transformation Programs

  4. Security Operations Center Mission Statement: “To enhance the cyber security posture of the Hawaii State Government through continuous monitoring to proactively identify, isolate and manage security incidents, thereby reducing the risks from potential cyber threats.”

  5. Project Phase: 4 Phased Approach

  6. Implementation - Security Devices

  7. Implementation – Lessons Learned
     • Detect • Analyze • Respond • Recover
     • Integration • Process • Training • Enterprise-Wide Incident Response Plan

  8. Implementation - Detect
     • Detection through ArcSight
     • Detect intrusions at perimeter, internal network, hosts, applications

  9. Implementation - Analyze
     • Detailed Analysis with LiveAction
     • Determine severity, scope, business impact

  10. Implementation - Analyze
     • Initial Cyber Incident Report
     • Notification to Business and Program Owners

  11. Implementation - Respond
     • Response Options
     • Can stop attack at perimeter, access layer, host, or somewhere in between

  12. Implementation - Recover
     • Recover systems to normal state
     • Includes threat removal, damage assessment, forensics, reporting and lessons learned
     • Plan the Recovery
     • Collect Incident Data
     • Cleanup & Recovery of Incident
     • Forensics - Reconstruct
     • Damage & Cost Assessment
     • Revise Plan & Response
     • Complete post-incident analysis and reporting
     • Reporting internally & to authorities

  13. Implementation – Verify and Validate
     • Ensure mitigation efforts were successful
     • Watch-list monitoring with multiple Cyber Tools

  14. Next Steps
     • Continue Server Categorization
     • Defining use cases for Alerting, Reporting and Dashboards in ArcSight
     • Continue Adversary Hunting
     • Continued Ingestion of Devices (Servers, Databases, Routers, Switches, Security Systems)
     • Begin Enterprise-Wide Incident Response Program Development

     Thank You