Thursday 11 August 2022

FFIEC Cybersecurity Maturity Assessment Tool

Financial institutions have to be vigilant in the face of a continually evolving cybersecurity threat landscape. As these attacks have evolved, regulatory bodies have updated their regulations to account for the increasing threat of cyber risk. In 2015, following a significant increase in nation-state and hacktivist attacks on U.S. financial institutions, the FFIEC released new guidance and a Cybersecurity Assessment Tool for institutions to self-assess their risks and determine their cybersecurity maturity. This was revised in 2017, and this consistent framework is intended to help leadership and the board assess their preparedness and risk over time. This framework is especially relevant given the recent FFIEC Architecture and Operations update and the Executive Order on Cybersecurity from 2021.

The purpose of this blog is to assist our IT based customers and partners with a concise and high level understanding of the FFIEC Cybersecurity Assessment Tool and derivative impacts on their current and future day to day operations. It is part of a multipart blog series on financial regulations and how to manage them architecturally, geared towards IT leadership.

The Cybersecurity Assessment Tool is fairly intuitive to use and the exercise should not be arduous for an organization to complete. The assessment applies principles of the FFIEC IT Handbook and the NIST Cybersecurity Framework. The intention here was to be complementary to existing frameworks and supportive of existing audit criteria. The FFIEC has released a mapping of the Cybersecurity Assessment Tool and the NIST Cybersecurity Framework to the FFIEC IT Handbook.

How the Assessment works:

The assessment itself involves two primary components: an institution first creates an inherent risk profile based upon the nature of its business, and then determines its cybersecurity maturity. The inherent risk profile is an institution’s analysis of its key technologies and operations. These are mapped into categories and include:

1. Technologies and Connection Types

2. Delivery Channels

3. Online/Mobile Products and Technology Services

4. Organizational Characteristics

5. External Threats

The tool itself provides guidance on criteria to self-assess risk based on the different characteristics of an organization, which simplifies completion and improves consistency. By having explicit guidance on how to self-assess into different risk categories, the leadership for the institution can ensure they have a consistent understanding of what the risk entails.

Below is a snippet of the inherent risk profile. Of note is the intuitive and consistent guidance on how to classify risk within each domain.


The second aspect of the assessment is understanding cybersecurity maturity. This section can help leadership understand the risk and appropriate controls which have been put into place. It creates five levels of maturity, from baseline to innovative, and we use these to measure preparedness of the processes and controls for five risk domains:

1. Cyber Risk Management and Oversight
2. Threat Intelligence and Collaboration
3. Cybersecurity Controls
4. External Dependency Management
5. Cyber Incident Management and Resilience


The five domains include assessment factors and declarative statements to help management measure their level of controls in place. What this means is there are statements within each assessment factor that describe a state. If those descriptive statements match a financial system's controls, then they can claim that level of cybersecurity maturity. Of important note, however, as in the picture above, the levels are additive, like a hierarchy of needs. What this means is that if there is a statement in innovative that matches some of your organization's controls, but you haven’t satisfied the statements in the “advanced” guidance, you cannot measure your institution as innovative in that domain. Likewise, an intermediate level of maturity assumes that all criteria in the evolving level have been met.
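The additive rule can be made concrete with a short Python example (added here, not part of the FFIEC tool). The statement texts are constructed placeholders rather than FFIEC declarative statements, the function names are hypothetical, and a level with no recorded answers is assumed to count as unmet.

```python
# Maturity levels named in the article, lowest first.
LEVELS = ["Baseline", "Evolving", "Intermediate", "Advanced", "Innovative"]


def assess_domain(answers):
    """Apply the additive rule to one domain.

    answers: {level: {statement_text: met?}}.
    A level is attained only if every statement at that level AND at all
    lower levels is met. Returns the attained level (None if Baseline is not
    fully met), the statements blocking the next level, and met statements
    at or above the blocked level that cannot be credited.
    """
    attained = None
    blocked_by = []
    for level in LEVELS:
        level_answers = answers.get(level, {})
        if not level_answers:
            # Assumption: an unanswered level cannot be claimed.
            blocked_by = ["no answers recorded for " + level]
            break
        unmet = [text for text, met in level_answers.items() if not met]
        if unmet:
            blocked_by = unmet
            break
        attained = level

    first_unattained = LEVELS.index(attained) + 1 if attained else 0
    uncredited = [
        (level, text)
        for level in LEVELS[first_unattained:]
        for text, met in answers.get(level, {}).items()
        if met
    ]
    return {"level": attained, "blocked_by": blocked_by, "uncredited": uncredited}


def assess_institution(profile):
    """profile: {domain_name: answers}. Returns {domain_name: result}."""
    return {domain: assess_domain(answers) for domain, answers in profile.items()}


# Constructed sample answers for two of the five domains listed above.
SAMPLE_PROFILE = {
    "Cybersecurity Controls": {
        "Baseline": {"constructed statement B1": True, "constructed statement B2": True},
        "Evolving": {"constructed statement E1": True},
        "Intermediate": {"constructed statement I1": True, "constructed statement I2": False},
        "Advanced": {"constructed statement A1": False},
        "Innovative": {"constructed statement N1": True},
    },
    "External Dependency Management": {
        "Baseline": {"constructed statement B1": True, "constructed statement B2": False},
        "Evolving": {"constructed statement E1": True},
    },
}

if __name__ == "__main__":
    for domain, result in assess_institution(SAMPLE_PROFILE).items():
        print(domain, "->", result["level"])
        print("  blocked by:", result["blocked_by"])
        print("  met but not credited:", result["uncredited"])
```

The `uncredited` list is the useful part for a board report: it shows controls that exist but do not raise the domain's level until the lower-level gaps in `blocked_by` are closed.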

The five domains each have various assessment factors. For example, in cybersecurity controls there are assessment factors for preventative, detective, and corrective controls. Each of these assessment factors has contributing components, which are then measured. For example, within the preventative controls assessment factor, there are components such as “infrastructure management” and “access and data management”.


It becomes easier to envision when evaluating the assessment document and the corresponding components. As can be seen in the below cybersecurity guidance, there are a number of explicit statements that describe maturity at a particular level and mapping to regulatory requirements. Through satisfying these statements you can appropriately match your institution to its level of cybersecurity maturity.


The Next Step


Following completion of an inherent risk profile and cybersecurity maturity, an organization can determine if they have the appropriate controls in place to address their inherent risk. As inherent risk increases, a higher level of security controls should be positioned to provide a level of control around that risk. Conceptual guidance on how risk should map to maturity is outlined below. Where this becomes important is not only in determining a point-in-time deficiency, but in understanding that as new projects, acquisitions, or the threat environment change, leadership can understand whether increases in security controls need to be applied to adequately address a material change in risk level.


Derivative Impacts on Infrastructure and Security Teams


The Cybersecurity Assessment is a useful tool for financial institutions to consistently provide leadership a synopsis of the state of the institution. But how this translates downstream to day to day operations of architects may not be explicit. There are a number of areas in the Cybersecurity Maturity section where explicit guidance is given which we have seen undertaken as projects at our customers, as well as across the industry. Below are a few themes we have seen gain in prominence since the publishing of the assessment. These weren’t generated by the assessment itself, but are common themes across the industry. Through this blog, the intent is more to provide a high level synopsis of how these projects influence, and are influenced by, and measured through, the regulatory bodies.

1. Segmentation is explicitly called out with guidance given on how to measure. We have seen this translated across the industry as both Macro and Micro segmentation approaches, and both of these are complementary. These have driven technologies such as SD-WAN, SD-Access, ACI, and VXLAN based segmentation.

2. Managing infrastructure and lifecycle hardware and software versions are measured. This practice isn’t specific to just this assessment and it has become a common theme to be able to keep devices in patch management. It is a shift from some institutions “sweating their assets” to a proactive model for managing. What had been observed was “hackers love sweaty assets”, with most exploits targeting known vulnerabilities. This should translate into any new technology investment having a lifecycle that can ensure the full depreciation of the asset while maintaining patch management.

3. Analytics and telemetry have driven significant investments in cybersecurity operations teams’ ability to understand and act upon emerging threats in real time. Leveraging existing assets as sensors or sources of meaningful telemetry is important, as deploying dedicated appliances to the larger attack surfaces of campuses, branches, and wireless can be prohibitively expensive plus operationally unsupportable.

The above are just a few of the many derivative impacts that affect our infrastructure and security teams. With increasing nation state guidance on security and privacy, to include the U.S. Executive order on Cybersecurity, additional tightening of conformance to address evolving security risks is happening. A lot of the increased focus aligns to areas which occur within existing domains that are included in existing frameworks. The FFIEC Cybersecurity Maturity Assessment is a simplified tool that can help a board member understand which security controls should be addressed first.

Source: cisco.com

Wednesday 10 August 2022

Top Resources to Streamline Cisco 350-401 ENCOR Exam Preparation


The Implementing Cisco Enterprise Network Core Technologies exam, also known as the 350-401 ENCOR, is a significant challenge. It is a prerequisite for four distinct Cisco certification paths, i.e., CCNP Enterprise, Cisco Certified Specialist – Enterprise Core, CCIE Enterprise Infrastructure, and CCIE Enterprise Wireless.

Tuesday 9 August 2022

Cisco Wireless 3D Analyzer: High Level View on Latest Innovations

Wireless connections are ubiquitous and have become a part of our daily lives no differently than electricity. Planning, maintaining, and troubleshooting  WiFi networks, optimized for today’s radio coverage and capacity requirements, may not be a simple task for an otherwise seasoned wireless network engineer.


While wireless technologies are ubiquitous, they interact steadily with the physical environment. Architecting the best wireless coverage for a specific environment depends on many different physical factors like obstacles (walls, doors, windows), building geometry, furniture, and materials as well as the user density and intended usage. Different environments encounter a wide range of complexity across different verticals. For example, covering a moderate-sized enterprise office space could be as simple as correctly placing some APs (Access Points) with omni-directional antennas, while covering a space with a high ceiling, such as a warehouse, necessitates directional antennas to optimally cover the space and requires more engineering to get it dialed in right. The challenge is that RF, unless visualized somehow, is invisible. Providing the “super-power” to view the RF in sufficient context to determine the correct angles, power, coverage, and capacity needs requires innovation using specialized and outstanding tools.

The goal of Cisco Wireless 3D Analyzer is to address challenges like these and enable RF design like never before possible! Cisco customers had access to this innovation starting with Cisco DNA Center release 2.2.3, providing features like the following:

Figure 1. A few examples of Cisco Wireless 3D Analyzer features

What’s new? 


As we continue to drive innovation and lead the market with RF visualization, Cisco DNA Center release 2.3.3  brings new amazing key Wireless 3D Analyzer functionalities. This extends Cisco DNA Center’s tooling set and enables impeccable user experience on the wireless network. Below are a few of the new functionalities: 

Multi-floor Management

In scenarios where a network engineer needs to provide WiFi coverage in a high-rise office building, APs will be placed on each floor of the building to have the level of coverage desired (i.e. –65 dBm). But one of the crucial issues is that APs on a given floor could create interference on the adjacent floors below or above. This is why Cisco Wireless 3D Analyzer introduced the multi-floor view to provide the 3D perspective. Using this new functionality, the user can select adjacent floors up to 2 floors above and 2 floors below. Therefore, they can see what RF contributions from those floors impact the current floor.

Figure 2. Multi-floor contributions

In figure 2, we can clearly see the contributions of intra-floor interferences from the floor above and below.  

Coverage Area Management

The Cisco Wireless 3D Analyzer Insights View allows an amazing deep dive into possible issues the wireless network can experience, and it can be configured according to key parameters and KPIs as shown in figure 3 below.

Figure 3. Example of insights configuration

A common use case is where the network engineer is interested in a specific area of the floor as opposed to the entire floor. Therefore, Cisco Wireless 3D Analyzer added the Coverage Area feature that allows the user to easily define the area of interest for a floor as shown in figure 4.

Figure 4. Coverage Area Management

With this functionality, Wireless 3D Analyzer will compute the insights for that specific area of interest to the network engineer.

3D Client Location

Wireless networks are there to support clients (humans or machines). Wireless 3D Analyzer now supports a Client Location View depicted in figure 5 below.

Figure 5. 3D client Location

Taking advantage of the integration with Cisco DNA Spaces, location analytics, and the related triangulations of the client’s positions, Cisco Wireless 3D Analyzer can show the client’s location in the 3D space. Moreover, for those clients, Cisco DNA Center can track data around RSSI, SNR, or health scores in the same position. Finally, it collects all the available client data and shows it when the user clicks on the client on the 3D map.

WiFi 6E Support 

Cisco recently shipped the first WiFi 6E APs (see more info at Cisco 6E launch), so Wireless 3D Analyzer supports and integrates the new 6GHz band together with the new WiFi 6E AP models.

Figure 6. 6GHz management within Wireless 3D Analyzer

In the picture above we can see how the coverage iso-surfaces change using the 6GHz band for the selected AP. 

Source: cisco.com

Monday 8 August 2022

Operationalizing Objectives to Outcomes


As part of our digital transformation, my Cisco colleagues and I were getting trained on business agility in our ONEx organization. Any transformation needs an effective way to measure the success at the end and throughout, and as part of our initiative, I could see there was enough awareness and emphasis given to metrics and measurements.

The training also addressed some points from the book “Measure What Matters,” which piqued my curiosity and inspired me to start reading it. It is a fantastic book with the origin of the Objectives and Key Results (OKR) concept and how companies have leveraged the framework. I wanted to share a bit here about how Cisco also embraces this framework – and more – in our organization, in a slightly customized and enhanced way, and how it can be extended further.

Finding Middle Ground between Vision, Strategy, and Execution

Although the OKR framework has generated more interest in recent decades, goals and metrics themselves have long been the foundation for any company to identify, set and succeed. As with technology, our approach to goals and metrics has also evolved over time, namely to include a couple of key concepts: MBO, or Management by Objectives, and VSE, or Vision, Strategy & Execution, along with its extension, VSEM, which adds Metrics.

Vision

The Vision has represented the true north star of what the company wants to achieve. If we time box it, perhaps 3 to 5 years or beyond, Vision does not change often unless the company goes through a major transformation or change of business. However, at an organization level or function level, it could change a bit but still align to the overall company vision. And, as you can imagine, there is still a healthy internal debate about whether one should have ONE single vision for all or a vision at each of the lower functional levels – and different companies handle it in different ways.

Strategy

While Vision is a starting point, we need other elements to take it further. Strategy is the next level of Vision – how you plan to accomplish the vision. This could be multiple levers (or initiatives or methods or ways) to achieve the vision: A strategy, approach, or means to plan for the execution of it and, finally, deliver the desired outcome or results.

Execution

If Vision is the desired outcome, and Strategy is the big plan, then Execution is the detailed plan. The key to Execution is measurement, and thus it is often broken into smaller chunks – goals or objectives – which are easier to accomplish and show progress.

Finding Meaningful Measurements

In the process of transforming our operations I’ve found several things to be true, and helpful, during this endeavor:

1. As Peter Drucker said, “What cannot be measured, cannot be improved”, but even before improving upon a thing, identifying and establishing the right set of metrics is key for any goal. Drucker also observed, “A manager should be able to measure the performance and results against a goal.” However, truly effective organizations must not limit measurements to the management level, but instead, equip employees at every level to identify and track meaningful metrics. These metrics could be milestones or KPIs and can be annual, quarterly, or even monthly. Some of these metrics could be in multiple systems (say ERP or CRM or ITSM) or Project Portfolio Management tools. The goals and objectives can be (and in some cases should be) inherited either vertically or across the organization or cross-functionally beyond the organization for shared goals.

2. When employing new measurement metrics within a company, the ideal scenario would be to integrate, automate, and bring all of these metrics into one single dashboard. A one-stop shop for metrics viewing simplifies the process, ensuring that there is minimal manual work involved in updating these metrics periodically. Several of the SaaS solutions provide APIs that can be used to easily integrate and get the needed metric and based on a set threshold, can even provide indicators about whether metrics have been achieved, and communicate that critical information in real-time to impacted teams.

3. Although Goals & Results could be separately reviewed from employee performance review discussions, the ideal would be to review them together.

4. WHAT was achieved should be equally evaluated with HOW it was achieved. Equally important to the Vision are the types of behaviors that were exhibited to accomplish these results, and they should be reviewed to ensure that we understand and agree with the methods and the values represented in the achievement.

5. It’s critical that metrics and measurements are looked at holistically and together. Operationalization of the entire framework, process, or activity makes it efficient for the organization, but defining and setting meaningful metrics cannot be a one-time activity. Putting a structure and defining these annually is a good start but this is just the beginning – goals need to be measured, reviewed, revisited, and adjusted as needed.


Operationalization of the OKR framework can include various elements:

1. Conducting reviews at Initiative, Program, and Project level – leveraging metrics from the Portfolio Management and other IT Systems/Tools

2. Organizational health metrics from various sources

3. Ongoing operational reviews (RtB or Run your Business) – both IT (ideal to do weekly, monthly, and quarterly) and Business Reviews (ideal is Quarterly)

Among all of these observations I’ve made through this process, one of the most critical ones is that the information about meaningful metrics cannot be created and kept safe somewhere secretly. Instead, it needs to be published centrally, so that anyone can check on the goals of their colleagues and leaders at any point in time. This not only brings transparency and trust but also avoids duplication when found.

We are still in the process of creating a more mature, sophisticated practice around our internal OKRs, and in parallel, my colleagues across Cisco are also applying metrics to inform smarter, more efficient operations within our customer organizations.

For those who want to dig into the topic even more deeply, click here to learn more about how Cisco’s IoT practice is using metrics as a powerful tool in our customers’ digital transformation.

On that note, how is your team doing it? What can you share about what it takes to set and achieve measurable goals in your organization’s digital transformation? 

Source: cisco.com

Sunday 7 August 2022

Compliant or not? Cisco DNA Center will help you figure this out.

Clear visibility of device compliance is key for network operations. One of the biggest challenges though is to agree upon the definition of compliance since different environments have different requirements. The purpose of this blog is to share the current compliance capabilities in Cisco DNA Center that will help network administrators to keep the infrastructure safe and consistent.

The current version of Cisco DNA Center looks at device compliance through five different lenses in a non-SD-Access network: startup vs. running-config, network profiles, application visibility, software image, and critical security advisories.

Figure 1: Compliance Types

Startup vs Running Configuration


Have you ever configured a device and forgotten to save the running configuration, only to have the device reboot unexpectedly? The result could be catastrophic, causing numerous issues in the network. Even though the preferred method for device configuration is through Cisco DNA Center, manual changes are still permitted. To avoid inconsistencies between startup and running configurations, Cisco DNA Center provides a compliance check that flags any devices whose startup and running configurations don’t match.

In the snapshot below, we see how Cisco DNA Center provides visualization of the differences between the running and startup configuration.  In this example, the network administrator manually added a description to an interface and forgot to save the new configuration. Cisco DNA Center also provides a way to remediate this problem with a button to “Synch Device Config” which saves the running-config into startup-config.

Figure 2: Config Differences and Remediation option

Network Profiles


One of Cisco DNA Center’s greatest values is the automation it brings by leveraging Intent-Based Networking (IBN). One of the constructs that Cisco DNA Center uses to implement IBN is network profiles. Network profiles contain different aspects of intent-based networking including wireless and model-based configuration (for wireless devices) and templates (for all devices). Via compliance checks, Cisco DNA Center can flag any configuration deviation from these constructs.

Let’s say that we have a simple template in Cisco DNA Center pushing a “vlan” configuration to a port:

TBRANCH-C9200L-2#show run int gig 1/0/7
Building configuration...

Current configuration : 344 bytes
!
interface GigabitEthernet1/0/7
 description Description pushed by DNAC Template -- lan
 switchport access vlan 419
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 ip flow monitor dnacmonitor input
 ip flow monitor dnacmonitor output
 service-policy input DNA-MARKING_IN
 service-policy output DNA-dscp#APIC_QOS_Q_OUT
end

In this example, we will assume that someone manually removed the “vlan” configuration that has been pushed by Cisco DNA Center templates:

TBRANCH-C9200L-2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
TBRANCH-C9200L-2(config)#int gig 1/0/7
TBRANCH-C9200L-2(config-if)#no switchport access vlan 419
TBRANCH-C9200L-2(config-if)#

This action will trigger a “Network Profile” compliance violation as seen in the snapshots below:

Figure 3: Network Profile Compliance Violation

Cisco DNA Center clearly identifies the template that has been changed in the device and the specific lines of configuration that have been removed:

Figure 4: CLI commands from Template not present in the config

Application Visibility


Cisco DNA Center also leverages Intent-Based Networking (IBN) to provision devices for visibility of applications through CBAR and NBAR.  If there are any changes to this intent, the devices will be marked as non-compliant for “Application Visibility” as seen in the example below.

The device has CBAR (Controller Based Application Recognition) enabled via DNA Center:

interface GigabitEthernet1/0/7
 description Description pushed by DNAC Template -- lan
 switchport access vlan 419
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 ip flow monitor dnacmonitor input
 ip flow monitor dnacmonitor output
 service-policy input DNA-MARKING_IN
 service-policy output DNA-dscp#APIC_QOS_Q_OUT
 ip nbar protocol-discovery
end

Configuration is manually removed from the device:

TBRANCH-C9200L-2(config)#int gig 1/0/7
TBRANCH-C9200L-2(config-if)#no ip nbar protocol-discovery
TBRANCH-C9200L-2(config-if)#

Figure 5: Application Visibility Compliance Violation

Figure 6: Configuration removed for this interface
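The Network Profiles and Application Visibility checks above both reduce to comparing intended per-interface lines with what the device is actually running, and the startup vs. running check is a comparison of the same kind. The following Python example is added here for illustration and is not Cisco DNA Center code or its API; the function names and the `INTENT` structure are hypothetical, and `RUNNING` is constructed from this page's interface with both manual removals applied.

```python
import re

IFACE_RE = re.compile(r"^interface\s+(\S+)$")


def parse_interfaces(config_text):
    """Return {interface: [sub-commands]} from IOS-style text.

    Tolerates output whose indentation was lost in copy/paste: a block runs
    from its 'interface' line to the next '!', 'end', blank line or
    'interface' line.
    """
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        match = IFACE_RE.match(line)
        if match:
            current = match.group(1)
            blocks[current] = []
        elif line in ("", "!", "end"):
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks


def missing_intent(intent, running_text):
    """Intended lines absent from the running config, per interface."""
    running = parse_interfaces(running_text)
    report = {}
    for iface, wanted in intent.items():
        present = set(running.get(iface, []))  # unknown interface: all missing
        missing = [cmd for cmd in wanted if " ".join(cmd.split()) not in present]
        if missing:
            report[iface] = missing
    return report


def unsaved_changes(startup_text, running_text):
    """Per-interface lines that differ between startup and running config."""
    startup = parse_interfaces(startup_text)
    running = parse_interfaces(running_text)
    report = {}
    for iface in sorted(set(startup) | set(running)):
        before, after = startup.get(iface, []), running.get(iface, [])
        added = [cmd for cmd in after if cmd not in before]
        removed = [cmd for cmd in before if cmd not in after]
        if added or removed:
            report[iface] = {"added": added, "removed": removed}
    return report


# Intended lines, taken from the template and CBAR configuration shown above.
INTENT = {
    "GigabitEthernet1/0/7": [
        "switchport access vlan 419",
        "switchport mode access",
        "ip nbar protocol-discovery",
    ],
}

# Saved configuration: the interface as shown on this page.
STARTUP = """\
interface GigabitEthernet1/0/7
 description Description pushed by DNAC Template -- lan
 switchport access vlan 419
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 ip flow monitor dnacmonitor input
 ip flow monitor dnacmonitor output
 service-policy input DNA-MARKING_IN
 service-policy output DNA-dscp#APIC_QOS_Q_OUT
 ip nbar protocol-discovery
end
"""

# Constructed: the same interface after the two manual "no ..." commands.
RUNNING = "\n".join(
    line for line in STARTUP.splitlines()
    if line.strip() not in ("switchport access vlan 419", "ip nbar protocol-discovery")
) + "\n"

if __name__ == "__main__":
    print("Missing from intent:", missing_intent(INTENT, RUNNING))
    print("Unsaved changes:", unsaved_changes(STARTUP, RUNNING))
```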

Software Image


Cisco DNA Center uses the concept of “Golden Image” to support image consistency within a site. When devices have images different from “Golden Image”, it will trigger the “Software Image” compliance violation as seen in the snapshots below:

Figure 7: Software Compliance Violation

Figure 8: Device Image different from Golden Image

Critical Security Advisories


Devices with critical security vulnerabilities will also trigger a compliance check as shown in the snapshots below:

Figure 9: Critical Security Advisories Compliance Violation

Figure 10: Detailed list of security advisories

Source: cisco.com

Saturday 6 August 2022

Cisco 350-201 CBRCOR: How to Prepare for CyberOps Professional Certification?


Cisco CBRCOR Exam Description:

Performing CyberOps Using Cisco Security Technologies v1.0 (CBRCOR 350-201) is a 120-minute exam that is associated with the Cisco CyberOps Professional Certification. This exam tests a candidate's knowledge of core cybersecurity operations including cybersecurity fundamentals, techniques, processes, and automation. The course Performing CyberOps Using Cisco Core Security Technologies helps candidates to prepare for this exam.

Cisco 350-201 Exam Overview:

RELATED READ:

Latest Innovations in Cisco DNA Software for Switching

Cisco continues to deliver on its promise of innovation in our Cisco DNA software for Switching subscription. By deploying the latest innovations in Cisco DNA software for Switching along with Cisco DNA Center, you can unlock the full power of your Catalyst switches in a user-friendly way. It’s no question that Cisco DNA Center is the most powerful management platform for your Catalyst devices over any third-party network management system.

What’s new?

ThousandEyes integration (Application assurance): Cisco DNA Center can provide visibility into how your applications are performing, which is improved as a result of the out-of-the-box integration with ThousandEyes (TE). TE agents are included in Cisco DNA Software subscriptions at the Advantage level in specific models; they just need to be deployed out to your switches. You can see applications that TE agents are monitoring in the dashboard and get a performance summary (loss, latency, jitter) with the ability to drill down further. Not only does TE provide insight into your internal network, but also into service providers.

Figure 1: ThousandEyes integration in Cisco DNA Center

Client Health: This feature allows you to quickly and efficiently understand how well the network is supporting end-users. The impact of any issues can be minimized for end users as well as IT staff in terms of issue resolution. You have the ability to drill down and search for specific users and get a 360 view of the health of their devices to pinpoint any downtimes.

Figure 2: Client 360 in Cisco DNA Center

PoE analytics: As people return to the office, it is important to be able to understand the power in remote offices. PoE analytics will allow IT to troubleshoot issues by looking at key attributes of PoE. For example, if a device is pulling more power, it is usually an indication that it may break. Action can be taken to disable specific ports or even power cycle ports.

Figure 3: PoE Analytics

Group Policy with ISE: The integration of Cisco DNA Center and ISE to control policy on a Cisco network provides a level of security that is unmatched in the industry. You can visualize what’s going on in your network and what devices and servers are communicating with each other. This allows you to make corrections as needed and ultimately prevent any security breaches.

Figure 4: Cisco DNA Center integration with ISE

Cisco DNA Spaces for Smart Buildings: Cisco DNA Spaces, a cloud-based data platform for IoT devices, gives smart building managers an all-encompassing view of operations and power consumption of smart lighting and shades, conference room availability, cleaning frequency, and asset location, to name a few. Cisco DNA Spaces entitlement for Smart Buildings (See and Extend) is included in Cisco DNA Advantage licenses for Cisco Catalyst 9300 and 9400 Series Switches.

Figure 5: Cisco DNA Spaces

How can I get these features and more?


If you already have a Cisco DNA Advantage subscription in Switching along with Cisco DNA Center, you will get to utilize these features at no additional cost to you.

If you do not have a Cisco DNA Advantage subscription or if you have a Cisco DNA Essentials subscription, the time to upgrade is now. We will continue to innovate and add more wireless features to our advantage tier.

Cisco is expanding the deployment options of Cisco DNA Center to provide greater operational flexibility and choice.


Cisco DNA Center is currently installed on a dedicated appliance. However, we recently announced at Cisco Live a new option for Cisco DNA Center customers, the Cisco DNA Center Virtual Appliance. The virtual appliance, which is targeted for general availability next year, will give customers new deployment options for a network controller: in a public cloud on AWS, or on VMware ESXi within a company data center or in a private cloud.

Source: cisco.com