Defending Data and Corporate Systems Without Sacrificing Revenue and Velocity
The New CISO - Podcast autorstwa Steve Moore - Czwartki
Kategorie:
On today’s episode, Tyler Farrar, CISO for Maxar Technologies, joins us to discuss the ins and outs of threat intelligence. He delves into the importance of not assuming malicious intent and his approach to compliance versus security. Introduction to Tyler Farrar Maxar Technologies is a satellite imagery and satellite manufacturing company. Farrar got his start with IT in the U.S. Navy. Working with the Cyber National Mission Forces to protect critical United States infrastructure. He was responsible for managing and leading a team of navy sailors and civilians. They would gather data and intelligence and he was responsible for commanding the mission of the operations. Threat Intelligence Farrar notes that many people misuse the term threat intelligence. Taking legitimate sources, forming a hypothesis about what this means within the company network and then acting on the hypothesis is the true process of threat intelligence. Farrar discusses how standstills can occur. Sometimes companies will find the source, but fail to use the information to better the company. A repeatable process in acting on intelligence is essential and should be used in the private sector. Farrar discusses misconceptions in log sources within threat intelligence. Working through key outcomes and identifying desired achievements can help formulate use cases. Outcome How would Farrar define an outcome as it relates to threat intelligence? It is centered around quick identification and action upon a threat. After identifying use cases, narrow down what information will identify a certain use case to be used. Consider making a chart of your company’s process. This can allow the process to be explained to others with more ease. Farrar notes the importance of working with key stakeholders in this process, as well. Insider Threat Insider threat is also a misconstrued area. People are very complex and thus insider threat is a challenging area. While there is no one approach, Farrar discloses advice to approach this: managing cyber security, reaching out to the employee when necessary and working with them to understand why an activity took place. From here, determine the right steps to take. How and when do you reach out and what do you say? With data loss on the line this can become challenging. Analysts How do we train analysts to have cognitive management and have a trust first mentality? Analysts can become quickly overwhelmed with a constant influx of alerts and false positives. When this continues, they can become burnt out. As leaders, try to motivate your employees to feel positive about their work environment. If they can tie their work directly back to the mission of the organization, this can be a large factor. Being mission centric can help align the employees to the business. Look at your goals. How much time is necessary for achieving them? Understand what activity from your employees is normal to avoid spending time and technology on unnecessary activities. Community Culture It takes time to change the culture of your business partners and the community as a whole. Many organizations want to be in a place where people come to them, but still need to gain confidence from others. It is easiest to utilize lessons learned from a crisis as a...