Atlanta Security Operations 2011

CISO EXECUTIVE NETWORK

Atlanta Security Operations Executive Roundtable Breakfast

Thursday, May 12, 2011

8:00 am - 12:00 noon

Alston + Bird

Speakers

Jim Harvey, Alston + Bird

Brian Seaberg, Bit9

Jerry Perullo, Intercontinental Exchange on behalf of Tripwire

Don Gray, Solutionary

Member Discussion Leader

Martin Fisher, WellStar Health


Atlanta Member Martin Fisher Discusses Security Operations

As Director of Information Security, Martin Fisher is responsible for security operations at WellStar Health Systems. “However,” he quickly points out, “it is a matrix function here. I don’t report up through IT; I report to the compliance side.” There are some things in security operations that are IT intensive, so some portions of the operations are performed in IT. “The security operations that I have control over right now are evolving and are mostly on the policy side.”

The approach to security operations is broken down. “We combine monitoring and detection into one process,” Martin explains. “We believe you have to gather all the data you can without ending up performing a denial of service attack on yourself. You have to prioritize which areas make up your key systems. That way, when you do have detection of an issue, the response function can assess whether or not you really do have a problem going on.”

The number of false positives can be variable, he adds, but they are there. Recognizing what is a false positive and understanding how to best respond to them is vital to the reputation of the security group. “You don’t want to hurt the credibility of your group across the entire enterprise by being Chicken Little,” he says. “It also wastes an incredible amount of resources.”

During the response, there need to be identification, isolation and eradication functions. “Eradication slides into remediation, where you make everything back the way it was.”

What steps does Martin take to make security operations more relevant to business operations? “Create a matrix structure,” he says. “Give the operations folks skin in the game. For example, in the healthcare environment, folks on the clinical side or who are part of the response team should realize security issues have real impact.” Bad things do happen, Martin says, and you want everyone to be working together. If others in the business see how they fit into the overall security picture, it encourages them to be more security conscious.

“If you do security operations well, that’s job security,” Martin says. “If you understand that you do get breached, your assets will be exploited. The days of counting only on your firewall or your AV are gone, if they ever really existed. If you want to be effective, you’ve got to do security operations well.”

Martin Fisher is Director of Information Security for WellStar Health Systems. He is responsible for developing and leading the security program for a 5-hospital community-based not-for-profit healthcare system. The program includes compliance with the HIPAA security and privacy rules as well as the PCI-DSS. He is responsible for creation and implementation of an Information Security Strategic Plan that complements and enables the CIO's Information Systems Strategic Plan.

Attachments

ATL SEC OPS MAIN 2011.pdf (13.36 MB)
ATL SEC OPS ALSTONBIRD 2011.pdf (327.83 KB)
ATL SEC OPS BIT9 2011.pdf (5.72 MB)
ATL SEC OPS TRIPWIRE 2011.pdf (364.6 KB)
ATL SEC OPS SOLUTIONARY 2011.pdf (2.93 MB)