A Framework and Prototype for
A Socio-Technical Security Information
and Event Management System
ST-SIEM
Bilal AlSabbagh
Department of Computer and Systems Science
Stockholm University
Stockholm, Sweden
bilal@dsv.su.se
Stewart Kowalski
Norwegian Information Security Lab
Center for Cyber and Information Security
Norwegian University of Science and Technology
Gjøvik, Norway
stewart.kowalski@ntnu.no
2
Outline (19 slides, 15 minutes!)
• Personal Introductions
– Industrial Doctoral Student (1 slide)
– A very old jaded Cyber Security (Knowledge) Worker (3 slides)
• Meta Goal and Goal $
– (5 minutes - 6 slides)
• Problem(s) and Background(s)
– (5 minutes - 3 slides)
• Contributions
– (5 minutes - 4 slides)
• Questions and Next Steps
– (5 minutes - 2 slides)
Bilal Al Sabbagh
• Academic Credentials:
– PhD Candidate, DSV, Stockholm University
– Research Interests:
• Social aspects of information security, security culture
– Academic Degrees
• MSc Information and Communication Systems Security, KTH, 2006
• BSc Computer Engineering, 2002
• Industrial Credentials
– Information and Network Security Consultant at
– Works full time with security for the .sa domain (Saudi Arabia)
– Professional Certifications
• CISSP, CISA, CCSP, CCNA
3
10/2/2016
Bilal Al Sabbagh - DSV
4 JAG = A CUP THAT RUNNETH OVER
My research work and industrial work in security stretch over 30
years and include both theoretical and empirical research in
security as well as products and services.
5 INDUSTRIAL VS UNIVERSITY WORK
Industrial work: deal with complex problems; must give simple solutions.
University work: deal with simple problems; must give complex solutions.
As a Professor ("Swedish rumpnisse") in Norway I have earned the right to ask simple questions
and give complex answers!
6-14
IT/IS SECURITY VALUE CHAIN
Value chain stages (left to right): Researching | Teaching | Standardizing + Regulation | Product Management | Development | Sales | Support | Operations & Services
Career positions plotted along the chain (slides 6 to 14 build this timeline up one position at a time):
Crypto Key Management Systems Designer, Philips Financial Business System, 1988
Assistant Professor, Computer & Telecom Security and Business, 1989
(Stockholm University, Royal Institute of Technology, University College Gävle, Stockholm School of Economics)
Manager Research, Business + Security, Telia, 1998
Senior Security Management Consultant, Ericsson, 1999
Strategic Product Manager, Security and Fraud Prevention, Core Networks, Ericsson, 2002
Manager, Ericsson Security Evaluations Competence Center, 2003
Manager Risk & Security, Business Unit Global Services, Global Network Operations Center, 2006-2009
Senior Security Architect and Product Manager, Huawei Technologies, 2009-2011
Associate Professor, 17 May 2010
Full time academic, 1st April 2011
Meta Goal of the Research
• A 7-year industrial doctoral research plan to
investigate how best to add value ($) to the socio-
technical global cyber security value chain.
In system X
Concrete Goal
Open Source Security Event Management Systems:
how to make them socio-technically efficient and/or cheaper?
A Value Chain is
• the interconnected group of industry participants that
collectively create value for the end user.
• If technologies or services are to succeed they must
deliver financial or operational value at every stage of the
chain.
• For any technology or service to be adopted, each
element on the chain must add value for the next
element.
Ref: The Strategic Implications of Computing and the Internet on Wireless: The Competitive Blur Through 2008, Herschel Shosteck Associates.
Meta-Goal
Security Spending Mental Models
IT workers as individuals (Saudi Arabia)
[Figure: spending/priority at the Personal, Organizational and National levels across the Deter, Prevent, Detect, Correct and Recover phases]
18 Bilal Al Sabbagh, Stewart Kowalski - DSV
Comparing Swedish and Norwegian Banks' Security Value Chain, Oct 2011
20
Concrete Value Chain
Hardware | Software | Systems | Services
"the primary defining concept in a value chain is what the customer
is willing to pay for"
Porter 1985, The Competitive Advantage
Security Value Chain
Concrete $ View
Hardware | Software | System | Services | Buyers
Total global market size for e-business security products in $ millions (2000-2005)
                         2000    2001    2002    2003    2004    2005
Access security           940   2,160   4,830   7,850  12,690  16,120
Communication security    810   1,610   2,970   4,680   7,340   9,040
Content security          660   1,300   2,390   3,700   5,660   6,910
Security Management       700   1,520   2,790   4,460   9,490  11,820
Services                  410   1,020   2,390   4,610   9,050  14,780
Total                   3,520   7,610  15,370  25,300  44,230  58,670
$ Security Incident Event Management Systems and Services $
Outline
• Goal and Meta Goal $
– (5 minutes - 6 slides)
• Concrete Problem and Background
– (5 minutes - 3 slides)
• Contributions
– (5 minutes - 4 slides)
• Questions and Next Steps
– (5 minutes - 2 slides)
National Computer Emergency Response Teams' (CERTs') Role
• Support organizations with security incident
response capabilities
• Provide actionable security information
• Utilize several tools (SIEMs and others) for
effectiveness and efficiency
• Collect, prepare, process, enrich and
disseminate security information
Background
Problems with Security Event Management
Reduce false positives by ABC = Always Be Contextualizing
Ref: https://www.linkedin.com/pulse/contextualization-security-analytics-niranjan-mayya
Hardware | Software | System | Services | Buyers
$ Security Incident Event Management Systems and Services $
ENISA HIGHLIGHTS
• Actionable information disseminated by CERTs is not equally
relevant (or even actionable) to all constituents
• Security managers face the challenge of how to respond to this
information using their information security management
systems (ISMS)
Problem
CERT.SE
Company X SIEM
Company X ISMS
Outline
• Goal and Meta Goal $
– (5 minutes - 2 slides)
• Problem and Background
– (5 minutes - 5 slides)
• Contributions
– (5 minutes - 6 slides)
• Questions and Next Steps
– (5 minutes - 2 slides)
Paper contribution
1. Framework for a socio-technical SIEM to
improve security response at organizations
2. Correlating technical security events with the
risk escalation maturity levels of constituents
(socio-technical)
3. The risk factor is not generic but directed
based on the organization security culture
and technological security posture
Paper contribution 1
• Framework for a socio-technical SIEM to
improve security response at organizations
Paper contribution 2
• Correlating technical security events with the
risk escalation maturity levels of constituents
(socio-technical)
Framework for information security risk
management and escalation
Combination of NIST and ISO Frameworks
Risk escalation maturity levels
Maturity levels (lowest to highest): Non-existent, Repeatable, Defined, Managed, Optimized
Dimensions assessed at each level: Awareness, Responsibility, Reporting, Policies/Standards, Knowledge/education, Procedures/tools
Paper contribution 3
• The risk factor is not generic but directed
based on the organization's security culture
and technological security posture
Security Event: A managed organization firewall has rejected a
connection from a source host to the destination organization asset
because the configured per-client connection limit was exceeded.
Priority: 1 of 5
Reliability: 1 of 10
Targeted asset value: 4 of 5 (the asset in this case was the DNS server)
Risk factor: 4 x 1 x 1 / 25 = 0.16 of 10
Contribution 3
Ref: page 73 of the AlienVault USM v5 user guide, https://www.alienvault.com/doc-repo/usm/v5/USM-v5-User-Guide.pdf
34
Outline
• Goal and Meta Goal $
– (5 minutes - 2 slides)
• Problem and Background
– (5 minutes - 5 slides)
• Contributions
– (5 minutes - 4 slides)
• Next Steps and Your Suggestions/Questions
– (5 minutes - 2 slides)
Next Step
Desk-Top/Ex-Post Risk Scenario
Test of Socio-technical Correlation Engine
Risk factor = f (security event technical attributes, organization risk escalation maturity level) ?
[Figure: ex-post and ex-ante risk scenarios from CERT.X to organizations at maturity level ML3 and ML3..MLN]
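The two risk-factor slides above, the USM technical formula (asset value x priority x reliability / 25) and the next-step function f of technical attributes and maturity level, as one added Python example. This is not code from the paper, from the prototype, or from AlienVault: the per-level weights, the escalation threshold of 3.0, and all sample events except the slide's own firewall event are assumptions made for illustration.

```python
"""Risk factor computation for a SIEM event, in two steps.

Step 1 reproduces the technical formula quoted on the slide (AlienVault/OSSIM USM):
    risk = asset_value * priority * reliability / 25       (0..10 scale)
Step 2 is a hypothetical socio-technical adjustment: the same event is weighted
by the constituent organization's risk escalation maturity level, so the score
is "directed" at that organization instead of being generic. The weights and
the escalation threshold are assumptions of this example, not the paper's
correlation engine.
"""
from dataclasses import dataclass

# Risk escalation maturity levels from the slide, ordered lowest to highest.
MATURITY_LEVELS = ("Non-existent", "Repeatable", "Defined", "Managed", "Optimized")


@dataclass(frozen=True)
class SecurityEvent:
    """Technical attributes of a normalized SIEM event (USM value ranges)."""
    description: str
    priority: int     # 0..5
    reliability: int  # 0..10
    asset_value: int  # 0..5


def technical_risk(event: SecurityEvent) -> float:
    """USM risk = asset_value * priority * reliability / 25, on a 0..10 scale."""
    if not 0 <= event.priority <= 5:
        raise ValueError("priority must be 0..5")
    if not 0 <= event.reliability <= 10:
        raise ValueError("reliability must be 0..10")
    if not 0 <= event.asset_value <= 5:
        raise ValueError("asset_value must be 0..5")
    return event.asset_value * event.priority * event.reliability / 25


def maturity_weight(level: str) -> float:
    """Assumed weight: the less mature a constituent's risk escalation capability,
    the more the same technical event matters to it.
    Non-existent -> 2.0, Repeatable -> 1.75, Defined -> 1.5, Managed -> 1.25, Optimized -> 1.0
    """
    index = MATURITY_LEVELS.index(level)  # ValueError for an unknown level name
    return 2.0 - 0.25 * index


def socio_technical_risk(event: SecurityEvent, level: str) -> float:
    """Directed risk factor, capped at the 10-point ceiling of the technical scale."""
    return min(10.0, technical_risk(event) * maturity_weight(level))


def events_to_escalate(events, level, threshold=3.0):
    """Return (description, directed risk) for the events whose directed risk
    reaches the threshold for a constituent at the given maturity level.
    The threshold value is an assumption of this example."""
    selected = []
    for event in events:
        risk = socio_technical_risk(event, level)
        if risk >= threshold:
            selected.append((event.description, round(risk, 2)))
    return selected


# Constructed sample events. The first is the firewall event quoted on the slide
# (priority 1, reliability 1, DNS server asset value 4); the other two are made up.
SAMPLE_EVENTS = [
    SecurityEvent("Firewall rejected connection: per-client limit exceeded", 1, 1, 4),
    SecurityEvent("Repeated failed logins on the mail gateway", 3, 6, 3),
    SecurityEvent("Malware signature match on a workstation", 4, 8, 2),
]

if __name__ == "__main__":
    # Slide event: 4 x 1 x 1 / 25 = 0.16 of 10
    print(f"technical risk of slide event: {technical_risk(SAMPLE_EVENTS[0]):.2f} of 10")
    # The same three events produce a different escalation list per maturity level.
    for level in MATURITY_LEVELS:
        print(level, events_to_escalate(SAMPLE_EVENTS, level))
```

With these assumed weights a Managed organization only sees the malware event escalated, an Optimized one sees none, and a Non-existent or Repeatable one sees both the login and the malware events; the slide's own firewall event stays below threshold at every level, which is the "contextualize to cut false positives" point made earlier in the deck.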
A global Socio-Technical cyber security Warning
Systems
36
>?<

Socio-technical Security Value Chain
