Your final research paper assignment is to write a research paper that explains how defense-in-depth (chapter 6) and awareness (chapter 10) are complementary techniques to detect emerging threats and

Chapter 10 – Awareness
Cyber Attacks: Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction
• Situational awareness is the real-time understanding within an organization of its security risk posture
• Awareness of security posture requires consideration of the following
– Known vulnerabilities
– Security infrastructure
– Network and computing architecture
– Business environment
– Global threats
– Hardware and software profiles

Fig. 10.1 – Optimal period of system usage for cyber security

Introduction
• Factoring in all elements of situational awareness should create an overview of current security risk
• Descriptors such as high, medium, and low are too vague to be helpful
• Security risk levels should be linked with actionable items

Fig. 10.2 – Rough dashboard estimate of cyber security posture

Fig. 10.3 – Security posture changes based on activity and response

Detecting Infrastructure Attacks
• No security task is more difficult and complex than the detection of an ongoing attack
• Many tools exist for detecting attacks, yet none is comprehensive or foolproof
• Determination of risk level is a fluid process

Fig. 10.4 – Attack confidence changes based on events

Managing Vulnerability Information
• Situational awareness for national infrastructure protection requires a degree of attention to daily trivia around vulnerability information
• Practical heuristics for managing vulnerability information
– Structured collection
– Worst-case assumptions
– Nondefinitive conclusions
– Connection to all sources

Fig. 10.5 – Vulnerability management structure

Managing Vulnerability Information
• Three basic rules for managers
– Always assume the adversary knows as much as or more than you do about your infrastructure
– Assume the adversary is always keeping vulnerability-related secrets from you
– Never assume you know everything relevant to the security of your infrastructure

Cyber Security Intelligence Reports
• Daily cyber security intelligence reports are standard in government agencies
• They would be useful in enterprise settings
• A cyber security intelligence report would include
– Current security posture
– Top and new security risks
– Automated metrics
– Human interpretation

Cyber Security Intelligence Reports
• Tasks for creating a cyber security intelligence report
– Intelligence gathering
– Interpretation and publication
– Dissemination and archiving

Fig. 10.6 – Cyber security intelligence report creation and dissemination

Risk Management Process
• Security risks must be tracked and prioritized
• The generally agreed-upon approach to measuring the risk associated with a specific component begins with two estimations
– Likelihood
– Consequences
• The actual numeric value of risk is less important than the overall relative risk
• A useful construct compares security risk against the cost of the recommended action

Fig. 10.7 – Risk versus cost decision path structure

Risk Management Process
• Increasing risks are likely to incur increased costs
• Summary of management considerations
– Maintaining a prioritized list of security risks
– Justifying all decisions

Security Operations Centers
• The security operations center (SOC) is the most visible realization of real-time security situational awareness
• Most SOC designs begin with a centralized model – a facility tied closely to operations
• A global dispersal of SOC resources provides around-the-clock, real-time analysis of security threats

Fig. 10.8 – Security operations center (SOC) high-level design

National Awareness Program
• A national-level view of security posture will require consideration of the following
– Commercial versus government information
– Information classification
– Agency politics
– SOC responsibility
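The risk management process on the slides (likelihood and consequence estimates, relative rather than absolute risk, risk compared against the cost of the recommended action, a prioritized list with every decision justified) and the vulnerability-information heuristics (worst-case assumptions, nondefinitive conclusions, connection to all sources) can be made concrete in a small risk register. The following is an added example written for this page; it is not code from the textbook, its slides or its publisher. The 1..5 ordinal scale, the likelihood × consequence product, the budget walk, the `Risk`/`prioritize`/`decide` names and the sample records are all constructed assumptions, not anything the chapter prescribes.

```python
"""Added example for this page, not code from the textbook or its slides.

Constructed assumptions (not from the book):
  - likelihood and consequence are ordinal scores 1..5;
  - relative risk = likelihood * consequence (any monotone combination would
    do, since the slides stress relative ordering over the numeric value);
  - an unknown likelihood or consequence is scored at the worst case (5)
    until a connected source supplies a better estimate;
  - actions are funded in priority order while a budget lasts, and every
    fund/defer decision records its justification.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

WORST_CASE = 5  # top of the assumed 1..5 ordinal scale


@dataclass
class Risk:
    component: str
    likelihood: Optional[int]   # None means unknown -> worst-case assumption
    consequence: Optional[int]  # None means unknown -> worst-case assumption
    action: str                 # the actionable item tied to this risk level
    action_cost: float          # constructed budget units
    sources: List[str] = field(default_factory=list)

    def score(self) -> int:
        """Relative risk; unknown estimates are pinned to the worst case."""
        l = WORST_CASE if self.likelihood is None else self.likelihood
        c = WORST_CASE if self.consequence is None else self.consequence
        return l * c

    def is_definitive(self) -> bool:
        """False while either estimate is still a worst-case placeholder."""
        return self.likelihood is not None and self.consequence is not None

    def revise(self, source: str, likelihood: Optional[int] = None,
               consequence: Optional[int] = None) -> None:
        """Replace placeholder estimates with data from a newly connected source."""
        if likelihood is not None:
            self.likelihood = likelihood
        if consequence is not None:
            self.consequence = consequence
        self.sources.append(source)


def prioritize(risks: List[Risk]) -> List[Risk]:
    """Highest relative risk first; the cheaper action wins ties."""
    return sorted(risks, key=lambda r: (-r.score(), r.action_cost, r.component))


def decide(risks: List[Risk], budget: float) -> List[Tuple[str, str, str]]:
    """Walk the prioritized list, comparing each risk against its action cost.

    Returns one (component, decision, justification) tuple per risk, so no
    decision is left without a recorded reason.
    """
    remaining = budget
    decisions = []
    for r in prioritize(risks):
        note = "" if r.is_definitive() else "; estimate is nondefinitive (worst case assumed)"
        if r.action_cost <= remaining:
            remaining -= r.action_cost
            decisions.append((r.component, "fund",
                              f"risk {r.score()}: '{r.action}' costs {r.action_cost}, "
                              f"{remaining} budget left{note}"))
        else:
            decisions.append((r.component, "defer",
                              f"risk {r.score()}: '{r.action}' costs {r.action_cost}, "
                              f"exceeds remaining budget {remaining}{note}"))
    return decisions


def sample_register() -> List[Risk]:
    """Constructed sample records; component names, scores and costs are made up."""
    return [
        Risk("dns-resolver", 4, 5, "apply resolver patch", 3.0, ["internal scan"]),
        Risk("legacy-scada-gw", None, 5, "isolate gateway VLAN", 8.0, ["asset inventory"]),
        Risk("hr-portal", 2, 2, "enable MFA", 1.0, ["internal scan"]),
        Risk("mail-relay", 3, 3, "tighten relay ACL", 4.0, ["partner report"]),
    ]


if __name__ == "__main__":
    for component, decision, why in decide(sample_register(), budget=10.0):
        print(f"{decision:5} {component:16} {why}")
```

With the constructed register and a budget of 10.0, the gateway whose likelihood is unknown sorts to the top because the worst-case rule scores it 25, and it is funded first; the resolver and relay actions are then deferred for lack of budget, each with its reason recorded, and the cheap MFA action is still funded from what remains. Revising the gateway record with a definitive likelihood from a new source drops its score, which is the "nondefinitive conclusions" heuristic in action: the placeholder drives the decision only until better data arrives.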