Security @ UNB
How UNB is using policy, practice and technology to enhance cyber security
What are we here to talk about?
- UNB's titanic cyber security struggle
- Using threat intelligence for both tactical and strategic decisions
- Moving away from playing a losing game of cyber security whack-a-mole
My background
- Bachelor of Arts in Information and Communications Studies ('05). Master of Business Administration ('15)
- Former Canadian Army reservist (armoured vehicle driver & gunner)
- Former reporter for the provincial newspaper
- Former web content strategist for UNB Communications & Marketing
- Accidental IT Security professional and fortunate member of an amazing team
The Security Action Team (SAT)
- Provides IT security leadership
- Formulates, implements and coordinates policies, plans and projects
- Incident Response
- Advises on IT security resourcing, technologies, and community education.
About UNB
- North America's oldest English public university (Est. 1785)
- 11,000 students
- 2,000 FTE Faculty and Staff
- Hybrid IT environment (centralized and decentralized)
In defence of cybersecurity
Officially, ISO/IEC 27032 addresses "Cybersecurity" or "Cyberspace security", defined as the "preservation of confidentiality, integrity and availability of information in the Cyberspace".
In turn "the Cyberspace" (complete with definite article) is defined as "the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form".
What I think we do:
What clients think we do.
Why are universities a target?
- We were designed to be open (we're easy)
- We have a treasure trove of PII
- We have valuable intellectual property
- We have others' valuable intellectual property
- We are a route into more secure orgs
Our challenges
- We average between 83 and 55 attempts per second to breach our network (massively automated threats)
- We have more than 2.2 million security events daily on our network
- We have more than 500 offences weekly
- We have as many as 120 compromised endpoints a month (half of which are students)
- We are the ultimate BYOD environment
The cost of a breach
- $184 on average per record in education, based on figures from a 2014 Ponemon Institute Study
Threat Intelligence Sources
- QRadar Security Intelligence Event Management (SIEM)
- Trend Micro Deep Discovery Malware detection tool
- Kaspersky Anti-Virus Reporting System
- Government, industry contacts and listservs
- InfoSec News Sources and Social Media
Malware CNC CallBacks (30 days)
Affected Hosts
Threat Patterns
Remote Intrusion Attempts Source
Remote Intrusion Attempts Destination
Security Offences
Moving beyond tactical response
UNB's move to IT Risk Management
IT Risk Management
Maturity
Threat Analysis, Policy & Procedure Development
IT Security Operations
Day-to-day IT Operations
Iterative improvement model
Risk Management
Threat Analysis
Policy & Procedure Development
IT Operations
Security Operations
The Security Building Blocks
Risk Management, Quality Assurance and Standards Development
Operations
Service Desk
Security Action Team
Communications:
Service Desk
- Help Desk escalates threats to SAT
- Assists with user education
- Desktop Group helps harden end points and triage compromises
Operations
- Systems and Network monitoring, reporting of threats, ensuring patching and reporting policy or procedure compliance issues. Participates in incident response.
Communications
- Assists with development and execution of user awareness and culture change campaigns.
- Assists with developing and executing incident communications
Security and Operations
- Operations: Trying to keep the lights on
- IT Security: ensuring compliance with protective measures
- Critical to avoid ineffective communications. Security and Operations groups in IT have different goals and in some cases cultures. Critical to ensure alignment with overall IT Strategy
The cross-functional workflow
Client provides username and password in phishing attempt
Help Desk or Level One advises + assists client with safe password reset
IT Security initiates incident investigation
Operations staff engaged to assist with log review / access checks
UNB Privacy Officer engaged in event of a potential data breach
Client advised of investigation, encouraged to take awareness course
What fighter jets in the Korean War can teach us about cybersecurity
The OODA Loop
OODA Cycle: Observe, Orient, Decide, Act
A harsh truth:
- Simply buying the latest and greatest big shiny security technology will not make your organization safer
- Strategy + Technology + Process + People = Success
Security Strategy Pillars
Security Strategy
IT Security Policy
Data Governance
Security Architecture: Tools, People, Process
Culture Change: User Awareness + Behaviour Change
Translating Cyber Security-ese to Business-ese
Making the case
Where cybersecurity fits in Porter's Value Chain
The disconnect between threat awareness and concern about threats
Do you believe your organization has an accurate picture on the threats it faces on a daily basis?
61% weren't sure or weren't confident
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015.
How concerned are you about an attack leading to a data breach?
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015. N = 40
65% very concerned
Anonymous, non-scientific poll conducted during a webinar I delivered in April 2015. N = 34
We need to change the cybersecurity story.
Questions?