Page 14 - FCW, July/August 2018
P. 14

                                                     CYBERSECURITY CONTINUAL VIGILANCE
                               Seeking Robust Security,
Agency Turns to KPMG
When one federal agency wanted to help prepare the national healthcare sector to better handle
the rapidly growing threats to cybersecurity,
it contracted KPMG to do a full analysis of its cyber threats intelligence program. That included providing various products and templates that the staff could use to improve security.
“The challenge with any project like this is
to leave an organization with all of the tools, processes, integrations, and training necessary to be successful in its mission,” said John Kupcinski, KPMG’s federal cyber security director. “So, we also provide the training to produce skilled individuals at all levels, and particularly those who can articulate all of this to the agency leadership.”
KPMG used methodologies it developed
and combined with lessons learned at other government agencies. Many of the templates developed as part of the project remain in use at the federal healthcare organization, in one form or another.
As a result, KPMG’s analysts were invited back to provide threat context at the agency’s offsite planning sessions, which also included talks that formed the basis for clearer definitions of roles and responsibilities between the organization’s threat intelligence arm and its security operations.
  that organizations can use to focus and improve cyber risk posture.
Another advantage of CTI, according to Kupcinski, is its value to the broader enterprise, allowing for identification of internal/external sources and targets for attacks. If you are deploying new applications, you can use it to figure out what and how attackers might target and take preemptive actions. CTI can help support a Fraud, Waste and Abuse program by identifying potential malicious account activity. CTI can also help secure a supply chain by identifying vulnerable sub-contractors and vendors.
“A lot of time when we talk to organizations we evangelize additional scenarios outside of the security operations center and focus on core business processes associated with the most important work an agency does” Kupcinski said.
“Vulnerability management is a great place where agencies can see value with CTI,” he said. “It can show organizations what assets and systems contain sensitive information and marry this information to vulnerabilities that attackers may attempt to exploit. This allows an organization to create a prioritization schema that informs how patches are applied and which risks could be accepted.”
In May 2017, the WannaCry ransomware attack exploited a vulnerability in Windows’ implementation of the Server Message Block (SMB) protocol – and quickly spread across the globe. Organizations that were able to quickly identify this threat were able to put into place mitigations to protect vulnerable assets of value to an attacker.
Using CTI, Kupcinski said, makes it easier to prioritize which systems and individual users may be targeted and vulnerable to attack. Having identified these factors, the security team can put into place effective tools to manage exposure.
John Kupcinski
Director, Federal Cybersecurity KPMG LLP
This article represents the views of the author only, and not necessarily the views or professional advice of KPMG LLP. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
        PRODUCED BY: SPONSORED BY:
   













































































   12   13   14   15   16