Stop looking for the silver bullet, start thinking like a bad guy

James Blake, CISSP CISM CCSK GCIH ITIL-F Lead Auditor
Practice Manager EMEA, HP Security Intelligence & Operations Consulting

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Stop looking for the silver bullet start thinking like a bad guy - IDC IT Security Istanbul 2015


HP Security Intelligence & Operations Consulting

The best in the world at building state of the art Security Operations Capabilities / Cyber Defense programs since 2009.

Experience:
•  47+ SOC Builds
•  130+ SOC Assessments & Improvement Roadmaps
•  55+ SIOC Consultants worldwide
•  Over 275 years of cumulative SOC experience

Solution Approach:
•  Business/Risk Alignment People, Process, & Technology

Accelerated Success:
•  Mature Project Methodology
•  Best Practices
•  Extensive Intellectual Capital

[Diagram labels: Operational Excellence; Risk Alignment; Controls monitoring; Staffing & Training; App monitoring; Analytics; Processes & Procedures; App]


Security Operations Maturity Assessment

168 Business alignment

People

Process

Technology Roadmap

118 assessments

87 companies

18 countries

6 continents


State of Security Operations 2015 At-a-Glance

Average SOC CMMI Level: 1.55

20% SOCs failing to achieve minimum monitoring capabilities

Telecom

Technology

Most mature vertical

Least mature vertical

87% SOCs not achieving recommended maturity level

#1 Problem: Finding and retaining staff

Sharing of threat intelligence

Most effective reporting line for SOCs

Legal or GRC

Cloud Use Cases entering SOC

Mentoring & On-the-Job training more effective than certification


Risk Management

Business Enablement

Technical Architecture

Operational Excellence

The CISO Agenda – Are you operating in all four?


•  Intellectual Property Protection
•  Insider Threats
•  Consumerization of IT
•  Business Continuity *

•  Mergers, Sourcing and Workforce Changes *
•  Support for Rapidly Changing Business
•  Need for Improved Business Intelligence
•  Building Robust Continuity Plans
•  Deliver First & Best (Products & Services)
•  Focus on New Revenue Streams
•  Agile development *

•  Vendor and 3rd Party Management
•  Executive Reporting and Metrics
•  Asset and Configuration Management
•  Awareness and Training
•  App, Infrastructure & Code Review
•  Executing on Fortify

•  “Cloud” Computing
•  Data Loss Prevention
•  SIEM Platforms & Programs
•  Disaster recovery
•  Emerging Technologies


Cyber Security & Resilience

Current Trends: Not “If”... “When”

Controls

>90% Breaches Avoidable

Patch, OS, AV, Identity, Monitoring

Hygiene APT APT

Low/Moderate High High Resource

Evolution of Cyber Threat

Hacktivist Motivation: Disruptive

Criminal Motivation: Financial

Year 2000 Year 2014

Espionage Motivation: IP Theft

Industry Threat Mitigation

Finding a balance between Security Hygiene & Threats


Program Benchmarks

[Chart: Program Area Maturity Levels, Current and Target, on a scale of 0 to 5, for Governance, Plan & Budget, Organization, Controls, Awareness, Process, Engineering, Threat Management, Response, Risk Assessment. Illustrative: Not Actual Data]


Our Service Line View

Aligning our business to deliver a seamless and connected customer experience

Risk Management

Threat and Vulnerability Management

Access Management

Corporate Security and Risk Incident Management

ISRM Monitoring
