Threat and Vulnerability Management Programs
DIVY Fast Data Security Platform
For most organizations, having enough data isn’t the problem. Instead, it’s knowing what to do with the massive amounts of data they have accumulated. At InCloud Control, we help clients go deep into their data to uncover real, actionable business insights, insights that point the way to value. We work with clients across virtually every industry, in critical parts of their business.
In each use case, we take the provided data and perform the following actions: full-text indexing and filtering. The resulting smaller data frames can then be sent to advanced analytic processing.
The Divy application allows data to be ingested from multiple sources, called a “Data Pump”, in order to map, analyze, and act on data. DIVY defines a corresponding data map to parse and clean the source. The data is then stored in a Bucket for further analysis, either through the online reporting dashboard, which provides real-time query and graphical display, or through a Divy Table construct. The Divy Table allows further filtering and condensation of data and provides the ability to perform actions with the selected fields.
Threat and Vulnerability Management programs include these major elements:
- An asset inventory (Know what you have and where it’s located)
- Threat and vulnerability analysis (Know your risk and what data is accessible)
- Penetration Test of applications and infrastructure (Know how bad guys can get to that data)
- Ongoing Vulnerability management (Know what’s fixed, what needs to be fixed, and who fixed it)
- Continuous Coverage (Know when something isn’t right and how to fix it)
Each of these elements individually benefits the organization in many ways, but together they form interlocking parts of an integrated, effective threat and vulnerability management program.
To protect information, it is essential first to know where it resides. The asset inventory must include the physical and logical elements of the information infrastructure. It should include the location, associated business processes, data classification, and identified threats and risks for each data element. This inventory should also include the key characteristics of the information that needs to be protected, such as the type of information being inventoried, sensitivity ratings for the information and any other critical data points the organization has identified for its information.
This asset inventory should be readily available to the organization’s information security personnel, as well as to the data owners, internal audit, operations staff and any other individuals who have access to that information. The inventory must be accurate and up to date to be effective. An optimal way to achieve this is to integrate maintenance of the asset inventory into the organization’s change management process. This will ensure that the inventory is current, and will initiate threat analysis activity when that is warranted by the characteristics of the data or when its use, storage or maintenance has fallen short of specified information security criteria.
The physical elements of the asset inventory include the location and disposition of equipment (e.g., servers, routers and storage solutions), paper documents and physical storage devices associated with the organization’s data elements. The logical elements of the asset inventory include all of the organization’s electronic information assets, such as the data and information, operating systems, and applications.
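The change-management integration described above can be sketched as a hook that updates an inventory record and reports why threat analysis should start. This is an added example, not InCloud Control's code; the field names, the `REQUIRED_CONTROLS` criteria and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

# Hypothetical security criteria (assumed; the page does not define any):
# each data classification maps to the controls an asset must have.
REQUIRED_CONTROLS = {
    "public": frozenset(),
    "internal": frozenset({"access_control"}),
    "confidential": frozenset({"access_control", "encryption_at_rest"}),
}
# Characteristics whose change sends the asset back to threat analysis.
RISK_FIELDS = ("location", "classification", "business_processes")

@dataclass(frozen=True)
class Asset:
    asset_id: str
    kind: str                      # "physical" or "logical"
    info_type: str                 # type of information held
    location: str
    classification: str            # sensitivity rating
    business_processes: frozenset
    controls: frozenset = frozenset()
    threats: tuple = ()            # identified threats and risks

def apply_change(inventory, asset_id, **changes):
    """Change-management hook: update the record and return the
    reasons (possibly none) to initiate threat analysis."""
    old = inventory.get(asset_id)
    new = replace(old, **changes) if old else Asset(asset_id=asset_id, **changes)
    inventory[asset_id] = new
    if old is None:
        reasons = ["new asset"]
    else:
        reasons = [f"{f} changed" for f in RISK_FIELDS
                   if getattr(old, f) != getattr(new, f)]
    required = REQUIRED_CONTROLS.get(new.classification)
    if required is None:
        reasons.append("unknown classification")
    elif required - new.controls:
        reasons.append("criteria not met: " + ", ".join(sorted(required - new.controls)))
    return reasons

def demo():
    """Three constructed change requests against one logical asset."""
    inv, both = {}, frozenset({"access_control", "encryption_at_rest"})
    r1 = apply_change(inv, "db-01", kind="logical", info_type="customer records",
                      location="dc-east", classification="confidential",
                      business_processes=frozenset({"billing"}), controls=both)
    r2 = apply_change(inv, "db-01", location="cloud-west",
                      controls=frozenset({"access_control"}))
    r3 = apply_change(inv, "db-01", controls=both)
    return r1, r2, r3
```

In `demo()`, the second change both moves the asset and drops a required control, so it returns two reasons; the third restores the control and returns none.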
Threat and Vulnerability Analysis
Threat and vulnerability analysis is an exercise that models a particular solution or business process against attack scenarios and known vulnerabilities to evaluate its resiliency or capability to repel attacks. It utilizes intelligence capabilities such as technical knowledge, behavioral science and business logic to model attack scenarios, the likelihood of such attacks and the potential business impact if the attack were successful.
Threat analysis activities require specific information. First, information must be gathered on the business process or solution to be analyzed, as well as the physical and logical data elements associated with it. Typically, this information is gathered from the business process owner and by utilizing the asset inventory. It is important to define the scope and boundaries of the business process or solution; otherwise, the threat analysis can become incomprehensible to the organization and challenging to complete.
Some key additional considerations include the value of the solution or business process to the organization, the regulatory and/or legal constraints, and the impact on third-party activities. This information must be gathered through independent discussions with senior managers, consultations with regulators and interactions with third parties. Additional information can be gathered by examining the organization’s business continuity and disaster recovery plans, which should include this type of information for the critical business processes of the organization.
OSI+ Threat and Vulnerability Analysis Methodology
To perform threat analysis effectively, it is important to employ a consistent methodology that examines the business and technical threats to a business process or solution. Skilled adversaries use a combination of skills and techniques to exploit and compromise a business process or solution, so it is necessary to have in place a similarly multi-pronged approach to defend against them.
The OSI+ threat and vulnerability analysis methodology incorporates business and technology elements to provide a holistic view of threats to information infrastructure. It represents a blending of the six basic questions used in any analytical situation (who, what, when, where, why and how) with an expanded version of the Open Systems Interconnection (OSI) model commonly used in open-standards networking, whose layers roughly parallel the channels adversaries can use for attacks on information infrastructure. The OSI+ methodology enhances that model by adding two new layers to the conventional seven OSI layers: one representing people at the bottom and one representing process, procedures, standards and guidelines at the top.
Continuous Coverage with CyberDome
Security has never been an entry on a calendar. In other words, security is not a project that has a beginning and end date; it is a program that is integrated into your operations and business workflow. InCloud Control takes security to that level of integration by providing alerts to your team and supporting remediation efforts with skilled resources on the tools and threats that are at the cutting edge of a hacker’s playbook.
The CyberDome was created exactly for this reason. Our resources are constantly learning the latest tools and understanding how they can best perform for our customers’ critical infrastructures. Let us show you how this program has saved companies millions of dollars over the past year.