TOPIC: Information Technology

What's Going on In Your Network?

Are you able to see when a new user is added to a workstation? How about when an unknown PowerShell script is executed on a host in your network? Both could be signs of malicious activity. Sounds like something you may want to know about, right? 

A SIEM (System Information and Event Management) is typically used to ingest, aggregate, and process data from various sources. These sources include Microsoft Windows logs, network packet captures, and syslog data, to name a few. Once this data is processed by a SIEM, you can monitor, alert, and report on all of it. What does this mean? The options are limitless. For example, a PowerShell script is executed on a workstation in the middle of the night. A SIEM could be configured to detect this and alert the security staff or perform some other action, potentially shutting down a malicious attack. There are a lot of great SIEM solutions out there, and many do a great job of meeting these goals. They range in complexity and price. To get your feet wet, in our latest blog we will go through the process of setting up and using a simple open-source SIEM based on the Elastic Stack. This will give you a good starting place that can be expanded in the future.
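To make the two scenarios above concrete (a new user on a workstation, an unknown PowerShell script run in the middle of the night), here is an added sketch of the detection logic a SIEM rule would encode. It is not code from the blog or from the Elastic Stack. The record field names, the business-hours window, and the `script_hash` enrichment are assumptions, and the sample events are constructed.

```python
from datetime import datetime, time

# Windows event IDs: 4720 = user account created (Security log),
# 4104 = PowerShell script block logged (PowerShell/Operational log).
NEW_USER, PS_SCRIPT_BLOCK = 4720, 4104

# Assumptions: business hours are 07:00-19:00 local time, and the pipeline
# enriches each 4104 record with a hash of the script text ("script_hash").
WORK_START, WORK_END = time(7, 0), time(19, 0)
APPROVED_SCRIPT_HASHES = {"constructed-hash-backup-job"}

# Constructed sample records; field names are hypothetical.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T10:15:00", "host": "WS-01", "event_id": 4104,
     "script_hash": "constructed-hash-backup-job"},
    {"ts": "2024-03-04T14:30:00", "host": "WS-02", "event_id": 4720,
     "target_user": "svc_temp"},
    {"ts": "2024-03-05T02:47:00", "host": "WS-03", "event_id": 4104,
     "script_hash": "constructed-hash-unknown"},
    {"ts": "2024-03-05T03:05:00", "host": "WS-03", "event_id": 4720,
     "target_user": "helpdesk2"},
    {"ts": "2024-03-05T09:00:00", "host": "WS-04", "event_id": 4624},
]


def is_off_hours(ts):
    """True when the ISO timestamp falls outside business hours."""
    return not (WORK_START <= datetime.fromisoformat(ts).time() < WORK_END)


def detect(events):
    """Return (host, rule, severity) alerts for the two cases in the text."""
    alerts = []
    for ev in events:
        severity = "high" if is_off_hours(ev["ts"]) else "medium"
        if ev["event_id"] == NEW_USER:
            alerts.append((ev["host"], "new_user_created", severity))
        elif ev["event_id"] == PS_SCRIPT_BLOCK:
            # Approved scripts are expected; anything else is worth a look.
            if ev.get("script_hash") not in APPROVED_SCRIPT_HASHES:
                alerts.append((ev["host"], "unknown_powershell", severity))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the sample data, the approved daytime script and the logon event raise nothing, while the 02:47 unknown script and the 03:05 account creation on the same host both come back as high severity.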

    Committee Structure

    SVP at a bank ($172M USA)

    I would be interested to hear from other banks how they structure their committees, specifically ALCO, Compliance, IT, Audit, and ERM.  Do you invite other bank staff that are not in Leadership positions to be a part of these committees?  After your committee meetings do you report to Senior Leadership (understand the Board would eventually get information), or directly to the Board?  We are looking at our committee structure overall and I would appreciate your input.