Tuesday, 29 September 2015

New federal assessment tool highlights the importance of threat intelligence for financial institutions

By HP Security Strategist Stan Wisseman

In a previous post, I’ve encouraged use of frameworks to help determine a cybersecurity baseline capability and  roadmap to reach the goals for your information security programs. This summer, the Federal Financial Institutions Examination Council (FFIEC) introduced a new tool to assist financial organizations in following this approach.

In 2014, the FFIEC piloted a cybersecurity examination program at over 500 community financial institutions to evaluate their preparedness to mitigate cyber risks. On June 30th of this year, the FFIEC published a Cybersecurity Assessment Tool to provide ALL financial institutions with a repeatable and measureable process to inform leadership of their organization’s cyber risks (Inherent Risk Profile) and cybersecurity preparedness in relation to that risk (Cybersecurity Maturity). If the level of preparedness is inadequate, the organization may take action either to reduce the level of risk or to increase the levels of maturity (a “target” state). The Tool is mapped to both the FFIEC Information Technology Examination Handbook (FFIEC IT Handbook), as well as to the NIST Cybersecurity Framework.  Initially, the Tool will be voluntary but in the long term is expected to be incorporated into the FFIEC IT Handbook and used in regular examinations. The Tool identifies five domains, as shown above.

I’m going to focus on the Threat Intelligence & Collaboration domain in this post. I’m a strong proponent for threat intelligence sharing and am pleased that the FFIEC added this domain to their Assessment Tool. Timely sharing of intel about new or ongoing cyberattacks and threats should help avoid or minimize major breaches from an attack. I recognize that there’s still some controversy around private sector organizations sharing their threat intel with US Government agencies. Some of the potential negative consequences to this sharing was discussed at the 2nd annual Senior Executive Cyber Security Conference I attended in Baltimore earlier this month. Efforts are underway to craft legislation to address some of these concerns (see ICIT brief), though it’s unclear whether the US Congress will finalize these legislative efforts this year. Independent of the legislation, I still think that harnessing the collective wisdom of peer organizations we trust should be a win-win and is necessary to survive within our evolving threat landscape. The bad guys collaborate. We also need to.

Returning to the Assessment Tool, each domain and maturity level has a set of declarative statements (e.g., requirements) organized by the assessment factor. I’ve extracted some of the declarative statements from the Advanced and Innovative maturity levels for the Threat Intelligence & Collaboration domain below:

  • Threat intelligence is automatically received from multiple sources in real time.
  • A threat analysis system automatically correlates threat data to specific risks and then takes risk-based automated actions while alerting management.
  • Emerging internal and external threat intelligence and correlated log analysis are used to predict future attacks.
  • The institution uses multiple sources of intelligence, correlated log analysis, alerts, internal traffic flows, and geopolitical events to predict potential future attacks and attack trends.
  • IT systems automatically detect configuration weaknesses based on threat intelligence and alert management so actions can be prioritized.
  • Relationships exist with employees of peer institutions for sharing cyber threat intelligence.
  • A network of trust relationships (formal and/or informal) has been established to evaluate information about cyber threats.
  • A mechanism is in place for sharing cyber threat intelligence with business units in real time including the potential financial and operational impact of inaction.

I think the Tool encourages the building of effective threat collaboration partnerships through trust. HP has a taken a similar approach with its Threat Central service. Threat Central enables organizations to collaborate via a community-sourced security intelligence platform that incorporates dynamic threat analysis scoring to produce relevant, actionable intelligence to combat advanced cyber threats. Use of Threat Central can help you achieve some of the Advanced and Innovative declarative statements called for in the Assessment Tool.

Learn more about HP Enterprise Security.

Figure source: http://ift.tt/1FFBXhJ

View the original content and more from this author here: http://ift.tt/1KOHSwT



from cyber security caucus http://ift.tt/1KOJlmU
via IFTTT

No comments:

Post a Comment