Secure Critical Systems and Intellectual Property Against APT

Protect yourself from being boarded and raided by cyber privateers.

Your Challenge

  • Advanced persistent threats (APTs) are becoming more and more prevalent, targeting any and all organizations that have some valuable intellectual property or are laterally connected to a target organization.
  • Companies need to know how to protect themselves from an attack, track and quantify an attack, respond to an attack, and ensure maintenance.
  • Enterprise users need to know what a spear phishing attack looks like and what they should watch for in order to avoid being manipulated.

Our Advice

Critical Insight

  • APTs are a real risk to most organizations, regardless of size, and most don’t properly know how to defend against one.
  • A multi-layered defence approach is needed with specific tracking and monitoring capabilities.

Impact and Result

  • Identify your risk posture, which indicates the likelihood that an advanced persistent threat would be carried out against your organization.
  • Prioritize your security gaps based on the importance and achievability of each measure to ensure you are successful in your role.
  • Build the necessary layered security to defend against, respond to, and investigate an attack, so that when an attack does occur you are covered across all aspects.

1. Identify and understand the organization’s risk position

Identify if the organization is a target, and create a risk posture.

2. Assess current security measures and identify and prioritize gaps

Identify specific APT measures already in place and assess and grade security maturity and capability levels.

3. Prepare for an APT attack and build the necessary defenses

Stop or degrade any attack against the organization.

4. Implement a response plan and investigate capabilities

Respond to an attack and learn from it to actively evolve the security systems.

5. Estimate the costs to develop and implement the organization’s governance plans for APT security

Get the most effective security system against the best APTs, one that will have senior buy-in.

Onsite Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess and Grade Current APT Security Measures

The Purpose

  • Validate your identified risk posture and likelihood for an APT attack.
  • Comprehensively grade your current security system.

Key Benefits Achieved

  • Identified risk posture for an APT
  • Graded current APT security measures

Activities and Outputs

1.1 Validate your risk posture

1.2 Identify existing APT security measures in place

  • Identified risk posture

1.3 Assess and grade security maturity and capability levels

  • Graded APT security measures

1.4 Determine overall enterprise risk to an APT

Module 2: Perform Gap Analysis and Prioritization

The Purpose

  • Identify the current security gaps that must be bridged from existing security measures to the target state
  • Evaluate these gaps
  • Prioritize gaps

Key Benefits Achieved

  • Prioritized list of your APT security gaps

Activities and Outputs

2.1 Perform gap analysis

2.2 Evaluate identified gaps

2.3 Understand and implement an enterprise risk tolerance

2.4 Develop importance and achievability levels for each gap

2.5 Prioritize your APT security gaps

  • Prioritized list of your APT security gaps

Module 3: Build the Defenses and Prepare

The Purpose

  • Build a strong end-user education and training plan
  • Improve threat intelligence
  • Limit and control user access
  • Implement strong security infrastructure
  • Develop active monitoring capabilities

Key Benefits Achieved

  • End-user training plan
  • Threat intelligence roadmap
  • Access control action plan
  • Infrastructure action plan
  • Monitoring action plan

Activities and Outputs

3.1 Educate employees

  • End-user training plan

3.2 Improve threat intelligence

  • Threat intelligence roadmap

3.3 Control access

  • Access control action plan

3.4 Implement strong security infrastructure

  • Infrastructure action plan

3.5 Build active monitoring

  • Monitoring action plan

Module 4: Build Ad Hoc Attack Processes

The Purpose

  • Develop response capabilities to an attack
  • Develop investigative capabilities
  • Create sustainable APT security

Key Benefits Achieved

  • CIRT team
  • Incident management plan
  • Digital forensic understanding
  • Intrusion reconstruction ability
  • Responsibility and ownership allocation

Activities and Outputs

4.1 Create a CIRT team

  • CIRT team

4.2 Develop an incident management plan

  • Incident management plan

4.3 Understand digital forensics

  • Digital forensic understanding

4.4 Develop intrusion reconstruction techniques

  • Intrusion reconstruction ability

4.5 Allocate responsibility and ownership

  • Responsibility and ownership allocation

Search Code: 74211
Published: February 14, 2014
Last Revised: February 14, 2014