Abstract Details


9/26/2017  |   10:25 AM - 11:10 AM   |  

Cyber Threat Event Notification Challenges – A Reusable Design and Implementation Approach

Because cyber-attacks keep growing in both sophistication and volume, building and maintaining a robust cybersecurity architecture into a system is essential. One critical feature of every such architecture that rarely gets the attention it needs is effective cyber threat event notification. All too often, the default configuration of an event notification tool does not deliver adequate notification of suspicious cyber events. Such tools typically arrive either with thousands of preconfigured rules, alerts and reports, every one of which must be reviewed for relevance and adequacy, or with nothing at all, so that every rule must be created from scratch. Both common scenarios demand extremely time-consuming and costly engineering before the tool produces useful and timely event reporting. To address these expensive and slow configuration challenges, a reusable and customizable cyber threat event reporting reference implementation framework, coupled with an initial set of cyber event notification guidelines, is needed. This presentation first gives a brief overview of the governing policies that require cyber event collection and notification. It then provides a roadmap of the key high-level event reporting focal areas, followed by a discussion of specific cyber event notification patterns to implement. Next, it details a reusable and flexible cyber threat event reporting reference implementation framework that can be quickly tailored for use in most environments. The presentation concludes with a set of reference materials that can be used for further notification enhancements.


Dan Kahn (Primary Presenter), ISC2, daniel.kahn@ngc.com;
Dan Kahn is a security architect with a combined 17 years of system and software security engineering experience. He holds an undergraduate degree in Computer Science from Drew University and a Master of Business Administration from Loyola University Maryland. His certifications include the ISC2 CISSP-ISSEP, ISC2 CSSLP and INCOSE ASEP. Dan has given multiple cybersecurity presentations at software and systems symposiums and conferences, and has published multiple cybersecurity articles.

2017 Sponsors: IEEE and IEEE Computer Society