This week, Stephen Ibaraki, FCIPS, I.S.P., MVP, DF/NPA, CNP has an exclusive interview with Robert Beggs.
Robert has been responsible for the technical leadership and project management of more than 300 consulting engagements, including policy development and review, standards compliance, attack and penetration testing of wired and wireless networks, third party security assessments, incident response, and forensic investigations of hacker activities and insider misuse and fraud. His clients are from the banking, insurance, brokerage, and mortgage industries, as well as several small and medium enterprises.
Previously, he has provided security services for the RBC Financial Group and Netigy, a global network and security infrastructure firm based in San Jose. He has also worked for Nortel Networks in the Systems Engineering group as a specialist responsible for developing new IP-based services for global telecommunications clients. He holds an MBA in Science and Technology from Queen's University, and is a Certified Information Systems Security Professional and a Certified Information Systems Auditor.
The latest blog on the interview can be found in the IT Managers Connection (IMC) forum where you can provide your comments in an interactive dialogue.
Interview Time Index (MM:SS) and Topic
|:00:31:|| ||Can you provide a profile of your roles and challenges?|
"....I'm involved with a firm called DigitalDefence and we specialize in penetration testing and incident response data forensics. These reflect the challenges that we are facing in the security environment right now...."
|:01:59:|| ||What are your recommendations for security governance and defense in depth?|
"....Before you adopt a set of standards - governance will only come from having a committed executive....Build on that committed executive - you've got to translate that will to be secure into some sort of means to providing security....Carry that defense in depth strategy one step further in from the edge - involve end users as part of being your defense in depth strategy....Don't look at the defense in depth for technology, look at the defense in depth for people...."
|:05:05:|| ||What are your best practices regarding virus protection?|
"....Acknowledge the potential for failure. Minimize the impact by having multiple overlapping products. Control the use of those products. Be prepared for the eventual failure that you will have malware resident on your system at some point in time. If you recognize that then you are prepared for the next steps which are how do you deal with malware resident on your system..."
|:07:48:|| ||How about malware removal and what are your recommendations?|
"....To a large extent it depends on what exactly the malware is....The challenge that comes in removing a virus is really the challenge of finding out how it got there and then trying to assess the damage that's been done...."
|:10:07:|| ||What can you say about corporate espionage?|
"....What we are seeing now of what we call corporate espionage has moved down to smaller firms....We are seeing across the globe right now a marked increase in cases of corporate espionage. The cases that we're seeing are not just denial of service....but we're seeing theft of information for resale....disgruntled insiders that steal intellectual property from a company and then leave to start their own competing company...."
|:13:19:|| ||Do you have some recommendations of some good products?|
"....What you have to look for in defining what makes a good product: It has to integrate with your end-to-end network....It has to be controllable...It's got to be simple....One of the things I've been tracking is Microsoft's Forefront line. From our perspective, dealing with security across organizations, this is probably the best system that you can use when you need to put in an end-to-end from the edge to the client security system...For a Microsoft-based network this is the most effective way of making sure that you have addressed all of the components that the malware is going to be coming across, both coming from the outside in and the inside going out....."
|:15:46:|| ||What are your views on Incident response and the need for agility in responding to a security breach?|
"....The only thing that marks your ability to survive from a business perspective and carry on and keep your business functional, is your ability to respond to that incident in the best manner possible. So what we have developed is a methodology that we call Agile Incident Management, which is a totality of proactive and the reactive measures to help manage data security incidents...."
|:19:43:|| ||Please share your expertise on live system forensics - what you should do before you pull the plug.|
"....This is probably one of the most interesting movements and changes that are occurring in the information security field right now. That is the acknowledgement that a system that is live probably contains about 80 or 90 percent of the information that you need in order to respond to an incident or even to pursue an attacker who has broken into your network...."
|:26:56:|| ||Can you explain employee misuse of corporate resources and the role of data forensics?|
"....The economic downturn isn't just disgruntled employees. We have seen a radical shift in the nature and the complexity of insider attacks...."
|:32:06:|| ||Provide your predictions of future IT/Business security trends and their implications/opportunities?|
"....We are seeing the nature of the attack has moved away from an amateur or a skilled practitioner up to what we call professionals....Visualization....As companies are suffering security breaches, more and more you are going to see a requirement for organizations to pay attention to data forensics...."
|:36:08:|| ||Which are your top specific recommended resources and why?|
"....Bruce Schneier....Harlan Carvey's 'Windows Incident Response blog'....various Microsoft's security blogs and sites....SecurityFocus....various nationally focused blogs and sites....One of the best resources is to physically go out and network with the people who are engaged in the industry itself....Security user groups....Security conferences...."
|:41:21:|| ||If you were doing this interview, what questions would you ask and then what would be your answers?|
"....Incident response - how is the environment changing?....What should I know to respond to a security incident, not just from a technical perspective but from a management and an executive perspective?...."
|:45:05:|| ||Robert shares some stories from his travels and experiences.|