Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/1136584
www.vanguardcanada.com JUNE/JULY 2019 33 CYBER teams and ISS; (3) develop a capability inventory of DCO/ITS and ISS focused on what actions can be taken by a given tool; and, (4) develop business processes across the security, cyber, and ISS com- munity to tune cyber defence infrastruc- ture to the environment. For the past decade, Nicholas Scheurkogel has led key cyber intelligence capabilities at the Department of National Defence (DND) including strategic cyber assessment, tac- tical support to cyber defence teams, and intelligence operations. Since 2006, he was the go-to cyber threat expert at DND and beyond. He is currently Director, Cyber In- telligence at Cytelligence. ability needs to be mitigated faster than normal, the bulk of the daily use of VM tools is better put to use by ISS gathering information on devices they manage and working to fix them. There are many other examples where this approach can be applied. Endpoint detection and response tools, normally used to identify and track malicious ac- tions, can be used to provide indepen- dent monitoring of the health of other enterprise management tools, such as Microsoft's System Center Configura- tion Manager (SCCM), or to investigate outages on a device caused by misconfig- ured programs. Tools like a host intru- sion prevention system could be set up to monitor for known problematic user or program actions and automatically block them. Some endpoint security tools can even manage software that was deployed without organic remote management fea- tures, reducing ISS support overhead. Organizations responsible for ISS should take full advantage of the DCO/ITS tools on their networks to support their own tasks and to help maintain the tuning of those tools in relation the network. Enterprise Program Considerations Maximizing the value of any security in- vestment requires that an organization has a concept of where that value should come from and the means to affect busi- ness processes and activities required to implement it. Any organization that in- vests heavily into cyber security and de- fence capabilities should have a concept for how ISS and DCO/ITS are synchro- nized. To accomplish this, it would likely be necessary to: (1) eliminate the idea of tool/capability ownership and replace it with a needs-to-capabilities approach; (2) establish bi-direction supporting/sup- ported relationships between DCO/ITS Connect with OEMs, suppliers and senior government officials at the largest aerospace, defence and security expo in Western Canada. REGISTER TODAY AT ADSE.CA ABBOTSFORD 2019 AUGUST 8-9, 2019 TR ADEX CENTRE, ABBOTSFORD, BC Presented by