Remember the Stolen Data Impact Model (SDIM)

Just a quick reminder about the work we did a few years ago on the Stolen Data Impact Model (SDIM) project. 

Many clients continue to use the project, the analysis sheet and the insights across their incidents. 

To learn more, here is quick and easy category search with the relevant links. Click here.

As always, thanks for reading and a huge thanks for supporting MSI! 

DOJ Best Practices for Breach Response

I stumbled on this great release from the US Department of Justice – a best practices guide to breach response.

Reading it is rather reminiscent of much of what we said in the 80/20 Rule of Information Security years ago. Namely, know your own environment, data flows, trusts and what data matters. Combine that with having a plan, beforehand, and some practice – and you at least get some decent insights into what your team needs and is capable of handling. Knowing those boundaries and when to ask for outside help will take you a long way.

I would also suggest you give our State of Security Podcast a listen. Episode 6, in particular, includes a great conversation about handling major breaches and the long term impacts on teams, careers and lives.

As always, if we can assist you in preparing a breach response process, good policies, performing those network mappings or running table top exercises (or deeper technical red team exercises), let us know. We help companies around the world master these skills and we have plenty of insights we would love to share!

Three Talks Not To Miss at DerbyCon

 

Here are three talks not to miss this year at DerbyCon:

1. Bill Sempf (@sempf) presents a talk about pen-testing from a developer’s point of view. (PS – He has a stable talk too, catch it if you sell stuff in the Windows store) His work is great and he is a good presenter and teacher. Feel free to also ask him questions about lock picking in the hallways. He is a wealth of knowledge and usually friendly after a cup of coffee in the morning. Beware though, if he asks you to pick the lock to get to the pool on the roof… This talk is Saturday at 6pm. 

2. Definitely catch @razoreqx as he talks about how he is going to own your org in just a few days. If you haven’t seen his bald dome steaming while he drops the knowledge about the nasty stuff that malware can do now, you haven’t lived. I hear he also may give us a bit of secret sauce about what to expect from malware in the next 6 months. You might wanna avoid the first couple of rows of seating in this talk. He often asks for “voluntolds” from the audience and you might not look good in the Vanna White dress… His chrome dome presents on Friday at 7pm.

3. Don’t miss the Keynote by @hdmoore. His keynotes are always amazing and this time it appears he is going to teach you how to port scan the entire Internet, all at once and all in an easy to manage tool and timeframe. He probably will astound you with some of his results and the things he has seen in his research. It’s worth it! The Keynote is Friday at 9am. Yes, 9am in the morning. It rolls around twice a day now… I know… 🙂

Lastly, if you want to see me speak, you can find me on Friday at 1pm as I discuss and unveil the Stolen Data Impact Model (SDIM) project. Check it out! 

PS – There will be plenty of hallway talk and shenanigans at the con. Come out and sit down and chat. I can’t wait to talk to YOU and hear what you have to say about infosec, threats, the future or just what your thoughts are on life. Seriously… I love the hang out. So, drop down next to me and have a chat! See you this weekend!

 PSS – Yes, I might wear my “hippy hacker”/”packet hugger” shirt. Don’t scream “Packet Hugger” at me in the hallway, please, it hurts my feelings…. 

Hello from DayCon!

I have spent some time this week at DayCon in Dayton, Ohio. This is a small hacker conference, with attendance by invitation only. This year the event was focused on attack sources, emerging trends and new insights into the cutting edge of dealing with cyber-crime across many vertical markets and countries.

I speak later today, and I am focusing on the history of cyber-crime, the crime stream, the criminal value chain and how information coalesces before an attack. I look forward to my talk, especially given how engaged the crowd has been thus far with the other speakers. The hallway conversations have been great! 

Lots of variety in the speakers here, with professors, researchers, hackers and even some ICS/SCADA folks in attendance. Lots of good insights floating around and even a few new product ideas!

I’d highly suggest you check out DayCon next year.

PS – Also, looking at the calendar, we are prepping for DerbyCon next week. Come out and see us there. I will be speaking on the Stolen Data Impact Model (SDIM) project and other topics. Plus, as usual, we will be haunting the halls and swinging from the rafters! 🙂 See you in Louisville! 

SDIM Project Update

Just a quick update on the Stolen Data Impact Model (SDIM) Project for today.

We are prepping to do the first beta unveiling of the project at the local ISSA chapter. It looks like that might be the June meeting, but we are still finalizing dates. Stay tuned for more on this one so you can get your first glimpse of the work as it is unveiled. We also submitted a talk at the ISSA International meeting for the year, later in the summer on the SDIM. We’ll let you know if we get accepted for presenting the project in Nashville.

The work is progressing. We have created several of the curve models now and are beginning to put them out to the beta group for review. This step continues for the next couple of weeks and we will be incorporating the feedback into the models and then releasing them publicly.

Work on phase 2 – that is the framework of questions designed to aid in the scoring of the impacts to generate the curve models has begun. This week, the proof of concept framework is being developed and then that will flow to the alpha group to build upon. Later, the same beta group will get to review and add commentary to the framework prior to its initial release to the public.

Generally speaking, the work on the project is going along as expected. We will have something to show you and a presentation to discuss the outcomes of the project shortly. Thanks to those who volunteered to work on the project and to review the framework. We appreciate your help, and thanks to those who have been asking about the project – your interest is what has kept us going and working on this problem.

As always, thanks for reading, and until next time – stay safe out there! 

SDIM Project Update

Just a quick update on the Stolen Data Impact Model project for today. Basically, we have reached a point where have created an idea that the impact of stolen data should be a curve. We have decided to implement that curve across two axis measured in the following:

Risk to the organization – 0 – 10, obviously subjective.

Those values will be plotted across four time segments: Immediate, Short Term, Intermediate Term and Long Term. Some folks are still discussing if we need a Residual catch all for things that don’t ever go away. If you have thoughts on it, please weigh in.

Thus far, we are leaving the term definitions to the consumer. But we are generally working with them as variable as we run scenarios with variety.

The next step will be to build and publish a couple of quick and dirty sample curves for some common stolen data scenarios. Then, we will begin to generate the scoring mechanism and perhaps a questionnaire for doing the scoring on a more repeatable basis.

If you have thoughts, please weigh in via the comments or touch base with us on Twitter. I will be the main conduit for feedback (@lbhuston). 

Thanks for reading and this process is already proving helpful for some folks, so we enjoy working on it.