CIOReview | SEPTEMBER 2018

Our SOC has large-screen dashboards with multiple feeds related to InfoSec monitoring, along with real-time notifications sent to the mobile devices of the Incident Handler staff. We have also enrolled in the DHS EINSTEIN-3 Accelerated (E3A) program, which ensures that all of our Domain Name System (DNS) and Simple Mail Transfer Protocol (SMTP) traffic is monitored by those services.

Senior Leadership Support

With the establishment of the Senior Agency Official (SAO) for Risk Management, the agency's leadership is actively involved in risk-based decisions. CISOs today are implementing risk scoring systems that assist decision-making and encourage involvement from system owners through data transparency and information sharing. Our risk management aim is to prevent high-risk material impact and to establish a potent threat prevention, detection, and eradication program. Building partnerships with DHS/CDM, we embrace cybersecurity intelligence collection and ubiquitous sharing.

We also still do our basic network hygiene, such as scanning the agency networks for IT assets to ensure that all information system components are known and thus appropriately managed and patched against vulnerabilities. We stop abnormal behavior at the endpoint, using an Endpoint Detection and Response (EDR) software appliance, rather than risk missing it at the gateway controllers. In addition, to minimize the use of administrative accounts across the network, we have deployed privileged account security software that sets up an isolated space for administrators to perform privileged actions.

From an end user perspective, technology solutions are rapidly advancing.
To mitigate the risk of a user accidentally clicking on a malicious link, there is the browser isolation concept: a remote browser runs in a managed virtual instance, isolating the browsing function from the rest of the endpoint and the agency network. From the reverse aspect, there are deception technologies that establish decoys, fake networks, and honeypots to lure the bad guys into a controlled section of the network and monitor their behavior.

"Cybersecurity is not a onetime activity, but rather a continuous effort requiring vigilance at all times."

Web application attacks are more common and differ from volumetric DDoS attacks because they are not aimed at choking critical services with excess traffic. Instead, they target weaknesses in the servers and compromise online services. We have deployed Web Application and Database Firewalls (WAF/DBF) as an insurance policy to proactively detect common attacks such as SQL injection and Cross-Site Scripting, which are often the result of sloppy coding practices. Our standard practice is to scan or analyze all software code through static code analyzers and remediate security defects prior to deploying code on production servers.

Cybersecurity and privacy have been in the news on several fronts this past year, and our objective is to proactively identify cyber-attacks or intrusions. My mantra for staying ahead of cyber-attacks is to act as if we are already breached. Continuous monitoring is the new firewall. With the DHS partnership, our SOC has been elevated to use threat intelligence, advanced analytics, and automation. Our systems engineers are educated to purposely segment the network, using separate domain accounts for routine network maintenance, thereby limiting an intruder's ability to traverse the network with compromised credentials.
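The two coding defects named above, SQL injection and cross-site scripting, are easiest to see as the sloppy form a static analyzer should flag placed next to its hardened form. The following is an added example, not code from the CIOReview article, its author, or the agency; the in-memory account table, the account names and the attacker payloads are constructed for illustration.

```python
"""Added example (not from the article or its author): SQL injection and
cross-site scripting, each shown as the vulnerable pattern beside the fix.
All data is constructed inline; the account table, the names and the
attacker payloads are assumptions for illustration only.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: a tiny account table living in memory.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, display_name TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "Alice"), ("bob", "Bob <b>admin</b>")],
    )
    return conn


def lookup_vulnerable(conn, username: str) -> list:
    # BAD: user input is concatenated into the statement, so quote
    # characters in the input become part of the SQL grammar.
    sql = "SELECT username FROM accounts WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_hardened(conn, username: str) -> list:
    # GOOD: the value travels as a bound parameter; the driver never lets it
    # alter the statement structure, so the payload is just an odd username.
    sql = "SELECT username FROM accounts WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


def render_vulnerable(display_name: str) -> str:
    # BAD: untrusted data is interpolated straight into HTML markup.
    return "<p>Welcome, " + display_name + "</p>"


def render_hardened(display_name: str) -> str:
    # GOOD: context-appropriate output encoding turns markup into text.
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"  # constructed classic SQLi probe
    print("vulnerable:", lookup_vulnerable(conn, payload))  # every row leaks
    print("hardened:  ", lookup_hardened(conn, payload))    # no match
    xss = "<script>alert(1)</script>"  # constructed XSS probe
    print(render_vulnerable(xss))
    print(render_hardened(xss))
```

The WAF mentioned in the text would try to spot the `' OR '1'='1` and `<script>` patterns on the wire; the hardened functions remove the defect at the source, which is what the pre-production static analysis step is meant to enforce.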
Users are often the weakest link, and besides raising awareness through continuous education, we are implementing Advanced Threat Analytics (ATA), an on-premises Microsoft tool that detects suspicious identity activity, together with link protection for URLs in email messages and on the Internet. With limited SOC resources, we cannot fix everything, and the best risk management approach is to automate with current technology such as enhanced DLP with User and Entity Behavior Analytics. Last, but not least, my cybersecurity team is our greatest asset: we influence, develop, retain, and expand the cybersecurity skill set by investing in staff training and certifications in rapidly evolving technologies.
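The account-separation practice described earlier (separate domain accounts for routine maintenance so that a stolen credential cannot traverse the network) and the user and entity behavior analytics mentioned above both come down to a check that can be written down. The block below is an added example, not code from the article, its author, or any product named on the page; the tier model, the host and account names, the `-t0`/`-t1` naming convention and the logon record format are all assumptions constructed for illustration (real input would be Windows security event 4624 or an equivalent logon source).

```python
"""Added example (not from the article or its author): detect logons that
break an admin-account tiering scheme, plus a simple behavior signal for a
credential spreading across hosts. Tier model, naming convention, host names
and record format are assumptions; the sample records are constructed.
"""
from collections import defaultdict

# Assumed tier model: tier-0 accounts administer domain controllers only,
# tier-1 accounts administer member servers only, ordinary users stay on
# workstations. A logon outside the account's own tier is the signal that a
# credential is being used to traverse the network.
TIER_OF_HOST = {
    "dc01": 0, "dc02": 0,
    "srv-web01": 1, "srv-db01": 1,
    "wks-alice": 2, "wks-bob": 2,
}


def account_tier(account: str) -> int:
    # Assumed naming convention: suffix -t0 / -t1 marks the admin tier.
    if account.endswith("-t0"):
        return 0
    if account.endswith("-t1"):
        return 1
    return 2


def parse_logon(line: str) -> dict:
    # Constructed record format: "<ts> logon account=<name> host=<target> src=<ip>"
    ts, _, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": ts, **fields}


def tier_violations(lines):
    """Return (ts, account, host, reason) for every logon outside the account's tier."""
    out = []
    for line in lines:
        rec = parse_logon(line)
        acct_t = account_tier(rec["account"])
        host_t = TIER_OF_HOST.get(rec["host"])
        if host_t is None:
            out.append((rec["ts"], rec["account"], rec["host"], "unknown host"))
        elif host_t != acct_t:
            out.append((rec["ts"], rec["account"], rec["host"],
                        f"tier-{acct_t} account on tier-{host_t} host"))
    return out


def lateral_spread(lines, threshold: int = 3):
    """Return accounts seen on >= threshold distinct hosts (a simple UEBA-style signal)."""
    hosts = defaultdict(set)
    for line in lines:
        rec = parse_logon(line)
        hosts[rec["account"]].add(rec["host"])
    return {a: sorted(h) for a, h in hosts.items() if len(h) >= threshold}


# Constructed sample logons (not real data).
SAMPLE = [
    "2018-09-03T08:01:00 logon account=alice host=wks-alice src=10.0.5.21",
    "2018-09-03T08:05:00 logon account=ops-t1 host=srv-web01 src=10.0.1.7",
    "2018-09-03T08:06:00 logon account=da-t0 host=dc01 src=10.0.0.9",
    "2018-09-03T09:12:00 logon account=da-t0 host=wks-bob src=10.0.5.44",  # tier-0 on a workstation
    "2018-09-03T09:15:00 logon account=bob host=srv-db01 src=10.0.5.44",   # user account on a server
    "2018-09-03T09:20:00 logon account=bob host=srv-web01 src=10.0.5.44",  # user account on a server
    "2018-09-03T09:25:00 logon account=bob host=wks-bob src=10.0.5.44",
]

if __name__ == "__main__":
    for v in tier_violations(SAMPLE):
        print("VIOLATION", *v)
    print("spread", lateral_spread(SAMPLE))
```

The tier check is a hard rule that the account-separation policy makes possible; the spread count is the behavioral complement, catching an ordinary account that suddenly appears on more hosts than it ever has, which is what the automation the text calls for is meant to surface without an analyst reading every logon.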