Page 34 - Publication6
P. 34
me your Social Security Number, fill out these forms (I-9 Only IT departments with the greatest level of SIEM
and W-4) and welcome aboard. Wherever you have ever maturity, with the brightest resources and tested solutions
worked (and where taxes were collected), a paper trail is will be able to mitigate the breach risk. But commercial
created for you, the new hire, that may or may not be secure (including government for that matter) IT departments
from identity theft, it is up to the paper-collecting will not be able to go it alone, they are going to need the
organization. In my profession – marketing & advertising assistance of the IT vendor community which is focused
– the average tenure at a job is around three years, so we on security and forensics 24/7 and 365. With the recent
marketers have amassed quite a paper trail at each stop Cybersecurity Summit in February 2015 organized by the
along the way. And the Government or Industry standard U.S. Government, the wheels appear to be in motion to
(protocol) for storing this data securely in a file cabinet or establish a united front to fight cybercrime. But with
in digital format does not yet exist. Each organization is left reports of rumblings from Google, Facebook, and Yahoo
up to their own due diligence for the protocol, which is a over alleged recent NSA spying, it is possible the alliance
scary proposition. The breaches we have seen over the past may never come to fruition.
year at Home Depot, Target, Anthem, Staples, Sony
No dent will be made in the cybersecurity war until…
Pictures and other high profile brands did not take place
Will the President�s Executive Order at the Stanford
in the absence of adequate SIEM systems in place. Each
Cybersecurity Summit make a difference� The short answer
organization had security systems and teams of IT
is it brings awareness, but no dent will be made in the
professionals, no doubt, amounting to millions of dollars
cybersecurity war until a united front with the U.S.
in each organization.
Government, its allies, and the commercial sector is forged.
Cybersecurity consulting firm Fortalice�s CEO Theresa
The problem with getting your arms around SIEM is that
Payton is correct to state that government and commercial
it is in IT and IT is incredibly complex. Every week, each
sectors are too reactive to cyber threat, and urges change
new employee hired contributes to the IT complexity
in the way we collect data. Payton urges companies to
problem with the IT they bring with them to the
rethink the types of information – i.e. Social Security
organization – personal/company phones,
Numbers – that is collected and stored, but the rethinking
personal/company PCs, tablets, company email accounts,
will only take place if prodded by a standard, much like the
company network access, etc.). For best practice SIEM,
rethinking that took place with credit card data when the
each keystroke on each device should be accounted for (as
Payment Card Industry Security Standards Council was
a collected log file) and understood (as an interpreted user
formed.
interaction) so that in the event of a breach, immediate
action can be taken and soon after, forensic investigation.
Worth noting here is that neither Intel nor IBM made the
In a large enterprise where there are hundreds of thousands
news from the recent cybersecurity summit (At this
if not millions of entry points of intrusion, it is nearly
writing, I am unaware if they were invited participants.).
impossible to track and monitor all.
For it is going to be up to the likes of Intel, IBM, Samsung
and Apple joining forces with the likes of Microsoft, Oracle,
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3
