- 26 Sports in 39 Disciplines
- Lifetime of dreams, years of effort, just for that moment of glory
- So how does it feel to be the best in the world?

The Sports Eval. System

Besides the dream our athletes are chasing, the London Olympics 2012 also becomes the theme of this talk!
ourselves, to evaluate our performance against the rest.
- Why do we compete?
- Why do we want to assess our performance every time?
- Does this process help us improve?
- Are we able to set higher benchmarks for next time?

Some questions
needs to be measured and improved over time
• Once identified, a data collection process needs to be implemented
• Evaluation and constant tracking of the information is key to setting benchmarks
• Finally, a rank / percentage / number against each essential process is what is required
have vulnerability assessment systems
  – Am I able to review the current risk we are running?
• Attack Detection
  – How secure are we? Do we have a number?
  – What percentage of attacks can we detect?
• Incident Handling
  – Can my team detect attacks effectively?
  – Are they able to respond in real time?
SIEM, WAF, the works
- I have application security consulting and my team deploys secure coding practices

Scenario

- I may be able to prevent attacks but are we able to detect them?
- How do I know if my systems are able to detect all the attacks?

Realization
  – Where are those “heaps” of buffer overflows?
  – Next gen attacks – hit only the applications
  – You and I have made these apps
• Safe Applications
  – Tested
  – Good coding practices have been adopted
  – Applications are tested thoroughly
• No Attack Detection from Apps
  – Apps notify exceptions to the app owners
  – Apps provide no detection information
- Procedures: their incident handling processes and procedures
- Capability: We have built our security operations, but how can we assess the capability of the members of this team?
- Preparedness: Being available and awake is the first step, but delivering the correct attack analysis at 3 am is the challenge.
- Measurability: How do we check the preparedness of my team and their capability to consistently deliver the correct analysis?

We have it, we just need to measure its efficiency.
- CAPEC: different attacks that exist, can be used to measure capability of your detection system
- CWE: Common Weakness Enumeration is already used by the software industry for better coding practices.
- SCAP: Security Content Automation Protocol is a family of tools that helps to bring together various aspects of security monitoring.
- Cyber Drills: CERT-In conducts cyber drills to evaluate the detection capability and response systems of participating teams.

Greener pastures for the Consulting Industry!