Act and Think like an Epidemiologist to Combat Digital Diseases

BSidesDC 2016

Presented by: Efrain Ortiz
Date: Saturday October 22, 2016
Time: 16:30 - 17:20
Location: Grand South
Track: Track 1

The presentation will cover a very short history of epidemiology and the similarities between information security and modern epidemiology processes used in the surveying of populations for indicators of potential epidemics.

Instead of passively waiting for a breach to engage Incident Response, information security needs to engage in the constant day-to-day surveying of population data to find the digital disease pathogen before it becomes an epidemic. The key to preventing digital diseases today and well into the future will be to copy the investigation and prevention techniques of the 19th century Dr. John Snow and the 21st century Centers for Disease Control and Prevention Epidemic Intelligence Service way of thinking. This presentation will walk the audience through an epidemiological analogy to better explain the differences between passive and active digital disease surveillance and inform the audience on an alternative way to speak to management and users in an understandable manner using medical analogies. The presentation will also introduce some visualization and graphing ideas to give the audience a starting point in epidigitalogy.

  1. Introduction to the Epidigitalogical Concept adapted from Epidemiology

     a. How I stumbled across this Epidemiology based idea.

  2. Brief history of the birth of Modern Epidemiology.

     a. Introduce Dr. John Snow and his process of determining the cause of Cholera and a mitigating control.

  3. Describe the similarities between biological disease control and digital disease control.

     a. The never ending story of hosts versus pathogens in both the bio and digital realm.

  4. Introduce the audience to the research methods used at the Centers for Disease Control and Prevention's Epidemic Intelligence Service.

     a. The CDC has been so successful, we don't even notice it. How to replicate this in the security environment.

  5. Walk the audience through an epidemiological analog that can be used to communicate their day-to-day processes and success to users and management.

  6. Explain the benefits gained at the CDC EIS from the process of proactive statistical analysis of non-malware related logs.

  7. Introduce the (S.I.R) Susceptibility, Infection, Recovery inspired graph as a means of tracking a large number of systems over long periods.

  8. Show using CDC EpiInfo against endpoint security logs to demonstrate that the lessons learned in the biology field can be used in the digital disease area.

  9. Show more graphing examples to illustrate the benefits of proactive statistical analysis of logs.

  10. Sources of inspiration:

a. Johnson, Steven Berlin. The Ghost Map (Penguin Books Limited, 2008)

b. Pendergrast, Mark. Inside the Outbreaks: The Elite Medical Detectives of the Epidemic Intelligence Service

c. CDC EpiInfo 7. http://wwwn.cdc.gov/epiinfo/

d. Epidemiology: The Basic Science of Public Health https://www.coursera.org/course/epidemiology

e. Epidemics - the Dynamics of Infectious Diseases https://class.coursera.org/epidemics-001

f. Kass-Hout, Taha and Zhang, Xiaohui. Biosurveillance: Methods and Case Studies (Taylor and Francis Group, 2011)

g. Dean, Andrew G. et al. Epi Info and OpenEpi in Epidemiology and Clinical Medicine: Health Applications of Free Software (Andrew G. Dean, 2010)

h. Weaver, Ann, Ph.D. and Goldberg, Stephen, M.D. Clinical Biostatistics and Epidemiology Made Ridiculously Simple (Medmaster, Inc., 2011, 2012)

i. Fletcher, Robert H. and Fletcher, Suzanne W. Clinical Epidemiology: The Essentials (Lippincott Williams and Wilkins, 2005)
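The S.I.R-inspired fleet graph and the proactive analysis of endpoint logs described in the outline above can be reduced to a small compartment tracker. The following is an added example written for this page, not the speaker's code and not part of EpiInfo; the log format (date,host,event with detect/remediate events), the host names and the fleet size of 10 are constructed assumptions.

```python
"""SIR-style tracker: assign each endpoint to a compartment per day.

S (susceptible): never had a detection, or none currently open
I (infected):    a detection was logged and not yet remediated
R (recovered):   the last detection on the host was remediated
A host that is detected again after remediation moves R -> I, so the
counts also surface reinfection, which a plain alert count hides.
"""
from collections import defaultdict
import csv
import io

# Constructed sample endpoint-security log (assumed format, not a real product's).
SAMPLE_LOG = """\
date,host,event
2016-10-01,ws-01,detect
2016-10-01,ws-02,detect
2016-10-02,ws-01,remediate
2016-10-02,ws-03,detect
2016-10-03,ws-02,remediate
2016-10-03,ws-04,detect
2016-10-04,ws-03,remediate
"""


def parse_log(text):
    """Parse the CSV log into a list of dicts with date/host/event keys."""
    return list(csv.DictReader(io.StringIO(text)))


def sir_series(rows, population):
    """Return [(date, S, I, R, new_cases)], one entry per logged day."""
    state = {}                      # host -> "I" or "R" (absent means S)
    by_day = defaultdict(list)
    for r in rows:
        by_day[r["date"]].append(r)
    series = []
    for day in sorted(by_day):      # ISO dates sort chronologically as strings
        new_cases = 0
        for r in by_day[day]:
            host, event = r["host"], r["event"]
            if event == "detect" and state.get(host) != "I":
                state[host] = "I"   # S -> I, or R -> I on reinfection
                new_cases += 1
            elif event == "remediate" and state.get(host) == "I":
                state[host] = "R"   # I -> R; remediation without detection is ignored
        infected = sum(1 for v in state.values() if v == "I")
        recovered = sum(1 for v in state.values() if v == "R")
        series.append((day, population - infected - recovered, infected, recovered, new_cases))
    return series


if __name__ == "__main__":
    for day, s, i, r, new in sir_series(parse_log(SAMPLE_LOG), population=10):
        print(f"{day}  S={s:2d} I={i:2d} R={r:2d} new={new}  {'#' * i}")
```

Plotting the I column over weeks gives the long-period fleet curve the outline describes; a rising I with flat R points at remediation that is not keeping up with detection.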

Efrain Ortiz

Efrain is a Director in the Market and Technology Innovation Group at Symantec Corporation. He transferred to a director role after 15 years as a field pre-sales systems engineer. Since getting his first TRS-80 color computer, Efrain has been experimenting and working with computers. Prior to the last 15 years, he worked in numerous roles, from pen testing to network, database and systems administration. He also makes the time to participate in Cyber War Game contests, MakerFaires, and chocolate collecting.
