July 2016 SAFE Newsletter
By Shivani Malik
A SIEMple Method for Reducing Risk
Security Information and Event Management (SIEM) has become a cornerstone tool for financial organizations, helping them meet regulatory demands to protect confidential information and prevent malicious attacks. But did you know that SIEM also helps reduce overall risk within a financial organization? It assesses aggregated threat data that, when analyzed knowledgeably, provides useful insight into potential malicious activity.
To decrease risk, financial organizations should adopt an advanced SIEM solution that aggregates data from numerous sources, mines that data for security information, and relies on experts to detect advanced threat activity. Implementing a SIEM solution with all these elements allows the financial organization to take a more proactive stance against threats, vulnerabilities, and malicious activity. Does this sound overwhelming or too complicated? It doesn't have to be. Follow the six steps below and you will be well on your way to implementing and managing an effective SIEM solution, one that reduces risk by allowing the financial organization to take an offensive stance on information security.
Six SIEMple Steps to an Effective SIEM Solution
1. Document the Scope - The scope should dictate which individual protections are monitored.
2. Define Clear Threat Events - Definitions should be developed for the threat events of interest.
3. Utilize Correlated Data Points - Monitoring parameters should be clearly defined and should use in-scope correlated data points to assess network activity.
4. Implement Incident Handling Policies - Each event of interest should have an incident handling policy that includes service level agreements for mitigating the issue and a follow-up process to assess the standard operating procedures for security analytics.
5. Maintain Audit Trails - An audit trail should be maintained to track the events of interest, the incident handling policy applied, and the time taken from detection to remediation.
6. Analyze Knowledgeably - Refined expertise is needed when analyzing correlated data points to detect attacks, so the person responsible for monitoring, reviewing, and managing the collected information should be skilled in assessing correlated events and determining whether they present a threat.
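To make steps 1 through 5 concrete, the following added example (not code from the newsletter or any SIEM product) is a minimal correlation routine: a documented scope, one threat event defined over correlated data points from two log sources, an SLA from the incident handling policy, and an audit record of detection-to-remediation time. The scope, rule thresholds, SLA and log events are all constructed for this example; step 6 remains the analyst's job.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Step 1: document the scope. Constructed values: only these sources and assets are monitored.
SCOPE = {"sources": {"auth", "firewall"}, "assets": {"10.0.0.5"}}

# Steps 2 and 3: a threat event of interest defined over correlated data points from two
# sources: N failed logins to an in-scope asset from one address, followed by a firewall
# ALLOW for the same address/asset pair within the window. Thresholds are constructed.
RULES = {"brute_force_then_access": {"failed_logins": 3, "window": timedelta(minutes=10)}}

# Step 4: incident handling policy, reduced here to a detection-to-remediation SLA (constructed).
SLA = {"brute_force_then_access": timedelta(hours=1)}

# Constructed sample events: (timestamp, source, fields)
EVENTS = [
    ("2016-07-01 09:00:00", "auth", {"result": "FAIL", "src": "203.0.113.7", "dst": "10.0.0.5"}),
    ("2016-07-01 09:00:20", "auth", {"result": "FAIL", "src": "203.0.113.7", "dst": "10.0.0.5"}),
    ("2016-07-01 09:00:45", "auth", {"result": "FAIL", "src": "203.0.113.7", "dst": "10.0.0.5"}),
    ("2016-07-01 09:02:00", "firewall", {"action": "ALLOW", "src": "203.0.113.7", "dst": "10.0.0.5"}),
    ("2016-07-01 09:05:00", "auth", {"result": "FAIL", "src": "198.51.100.9", "dst": "10.0.0.5"}),
    ("2016-07-01 09:06:00", "firewall", {"action": "ALLOW", "src": "198.51.100.9", "dst": "10.0.0.5"}),
    ("2016-07-01 09:07:00", "firewall", {"action": "ALLOW", "src": "203.0.113.7", "dst": "10.0.0.9"}),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def correlate(events, rule_name="brute_force_then_access", scope=SCOPE):
    """Apply one threat event definition to in-scope events; return a list of detections."""
    rule = RULES[rule_name]
    in_scope = [(parse(ts), source, f) for ts, source, f in events
                if source in scope["sources"] and f["dst"] in scope["assets"]]
    failures = defaultdict(list)   # (src, dst) -> timestamps of failed logins
    detections = []
    for t, source, f in sorted(in_scope, key=lambda e: e[0]):
        key = (f["src"], f["dst"])
        if source == "auth" and f.get("result") == "FAIL":
            failures[key].append(t)
        elif source == "firewall" and f.get("action") == "ALLOW":
            recent = [x for x in failures[key] if t - x <= rule["window"]]
            if len(recent) >= rule["failed_logins"]:
                detections.append({"rule": rule_name, "detected_at": t, "src": f["src"], "dst": f["dst"]})
                failures[key].clear()   # one incident per burst of failures
    return detections

def audit_record(detection, remediated_at):
    """Step 5: audit trail entry with the time from detection to remediation and the SLA result."""
    elapsed = parse(remediated_at) - detection["detected_at"]
    return {**detection, "remediated_at": remediated_at, "elapsed": elapsed,
            "within_sla": elapsed <= SLA[detection["rule"]]}
```

On the constructed events, only the first address produces a detection (the second never reaches the failure threshold, and the third firewall entry targets an out-of-scope asset); the audit record then shows whether remediation met the SLA.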
Clearly defining the parameters of the implemented SIEM service reduces risk by increasing the protection offered by firewalls, authentication, IDS/IPS, and other logging devices. In order to clearly define the parameters of the SIEM service, threat event definitions and mitigation activities should be documented and followed. Additionally, these parameters should adhere to rules and regulations promulgated by each respective regulatory body.
A SIEM solution, if clearly defined and implemented, can provide a financial organization with proactive protection while effectively reducing the risk of attacks.
There is no doubt about it: Information Security (IS) risk is this year's buzzword in the FinTech arena. How do you reduce IS risk using technology? How do you reduce risk by honing processes? How do you reduce IS risk by changing human behavior? No matter where you turn in this industry, everyone is talking about risk, and specifically how to reduce it. Financial organizations are leading the charge, but in order to assess risk properly, it must be managed properly.
Risk Management is the forecasting and evaluation of risks, together with the identification of procedures to avoid or minimize the impact of those risks. To forecast risk properly, you must first objectively evaluate risk within the financial organization. One method of evaluating risk is a risk assessment: inherent risks and controls are evaluated, resulting in a residual risk that the financial organization either accepts or mitigates by implementing additional controls. Although conducting a risk assessment is one facet of Risk Management, it cannot be the sole method for managing risk within the organization.
Financial organizations should consider implementing a Risk Management Program that defines how risk is evaluated and perceived throughout the business. This Program should have a clearly defined risk appetite statement, that is, a statement describing the risk position of the financial organization. The risk appetite statement should be aligned with the financial organization's strategy and managed by the Board of Directors and Senior Management. Additionally, the Program should describe when a risk assessment is appropriate and how to conduct it in accordance with the financial organization's risk outlook. In addition to conducting risk assessments, training personnel regularly throughout the year on these processes will assist in implementing the controls that mitigate risk. By implementing and following a sound Risk Management Program, financial organizations can reduce risk throughout the organization.
Choose all situations where a risk assessment should be conducted.
a. New application selection
b. Evaluating safety and soundness for audit/exam purposes
c. Limited knowledge is available to properly manage threats and vulnerabilities
d. Evaluating vendors
Answer: a, b, c, d
Information Security Tip of the Month:
To proactively protect financial organizations from threats and/or vulnerabilities they should consider implementing an advanced SIEM service that aggregates data from various sources.