IT Steering Committee Meeting Security Operations Center

IT Steering Committee Meeting Security Operations Center. Thursday, January 23, 2014, 10:00 am – 11:30 am. Agenda. Cyber Security Center of Excellence Project Phase Implementation Next Steps. State of Hawaii’s Transformation Programs. Security Operations Center.

PowerPoint Slideshow about 'IT Steering Committee Meeting Security Operations Center' - karah


Presentation Transcript

IT Steering Committee Meeting: Security Operations Center

Thursday, January 23, 2014

10:00 am – 11:30 am

Agenda
  • Cyber Security Center of Excellence
  • Project Phase
  • Implementation
  • Next Steps
Security Operations Center

Mission Statement: “To enhance the cyber security posture of the Hawaii State Government through continuous monitoring to proactively identify, isolate and manage security incidents thereby reducing the risks from potential cyber threats.”

Project Phase

4 Phased Approach

Implementation

  • Lessons Learned
  • Detect
  • Analyze
  • Respond
  • Recover
  • Integration
  • Process
  • Training
  • Enterprise-Wide Incident Response Plan

Implementation - Detect
  • Detection through ArcSight
    • Detect intrusions at perimeter, internal network, hosts, applications
Implementation - Analyze
  • Detailed Analysis with LiveAction
    • Determine severity, scope, business impact
Implementation - Analyze
  • Initial Cyber Incident Report
    • Notification to Business and Program Owners
Implementation - Respond
  • Response Options
    • Can stop attack at perimeter, access layer, host, or somewhere in between
Implementation - Recover
  • Recover systems to normal state
    • Includes threat removal, damage assessment, forensics, reporting and lessons learned
  • Plan the Recovery
  • Collect Incident Data
  • Cleanup & Recovery of Incident
  • Forensics - Reconstruct
  • Damage & Cost assessment
  • Revise plan & response
  • Complete post-incident analysis and reporting
  • Reporting internally & to authorities
Implementation – Verify and Validate
  • Ensure mitigation efforts were successful
    • Watch-list monitoring with multiple Cyber Tools
Next Steps
  • Continue Server Categorization
  • Defining use cases for Alerting, Reporting and Dashboards in ArcSight
  • Continue Adversary Hunting
  • Continued Ingestion of Devices (Servers, Databases, Routers, Switches, Security Systems)
  • Begin Enterprise-Wide Incident Response Program Development

Thank You