Role of BC / DR in CISRP. Ramesh Warrier Director ebrp Solutions

Transcription

1

2 Role of BC / DR in CISRP Ramesh Warrier Director ebrp Solutions

3 You have been HACKED Now what?

4 Incident Response Incident HANDLING Incident RESPONSE

5 Incident HANDLING Assessment Containment Eradication Responsibility: CSIRT, InfoSEC Team

6 Incident Response Impact on Financial, Regulatory or Reputation IT Systems/Service Outage Impact on Delivery of Products/Services Responsibility: CIRTs, Crisis Management, BC, DR

7 NIST CSIRP Framework

8 Identify Phase of NIST

9 Identify Phase Identify the Assets of the organization Identify Threats / Vulnerabilities Identify potential Impacts (Planning Phase) (Response Phase)

10 Protect Phase of NIST

11 Protection Phase Information Security Policies & Protocols Protection at the Edge Scanners, filters, IDE Deploy system Patches Reduce the Attack Surface

12

13

14 Exploit A simplified view

15 Protection Phase Reduce the Attack Surface

16 Detect Phase of NIST

17 Detection the Big if Most breaches are detected 30 days or later The Vulnerability Exploit Not Common known V Most exploits are Human Engineering Be Prepared to Respond

18 Respond Phase of NIST

19 Incident Response Incident HANDLING Incident RESPONSE

20 Incident Response Impact Type Financial, Regulatory and/or Reputational Response Identification, Containment & Crisis Mgmt Responsibility Computer Incident Response Team (CIRT) & Crisis Management Team (CMT) & Senior Management

21 Recover Phase of NIST

22 Recovery Impact Type Business or IT Service Outage Response Business Continuity & Disaster Recovery Plans Responsibility Business Continuity Teams & IT Disaster Recovery & Senior Management

23 Be Prepared What Can BC/DR Planners Do?

24 Change is the only constant If you always do what you always did, you will always get what you always got. [Albert Einstein]

25 Planning Enhanced Planning Information required for Plan Development BIA Enhanced Data Collection, Analysis Risk Assessment Include InfoSEC elements Modeling Vulnerabilities, Continuity Strategies

26 Crisis Management Domain

27 BC Continuing Delivery of Products & Services

28 DR IT Service Continuity

29 Your Org Model The Foundation

30 Planning Enhanced Data Classification PII, PCI, PHI, IP, Vital Community Stakeholders, Regulators, Victims Regulatory Compliance FDICC, GDPR, SOX, HIPPA Dependencies Interfaces, External/Internal

31 Plans (re)structured Credible Plans Actionable, Measurable, Repeatable Plan Objective Scenario vs. Asset Restoration Structure Align to Operational OrgChart Actionable What, When & Who

32 Calculate RTO Early Start Time Buffer Actionable Plans Recovery Team

33

34 Credible Plans - Measurable

35 Program Management Office Structure Minimum 3 Level Hierarchy Program Manager(s) Executive Interface Facilitators BC/DR Subject Matter Experts Planners Stakeholders

36

37 CSIRT Constituency for whom services provided for Mission Purpose of CSIRT Services Type of Incidents, Functions, Actions Resources Staffing, Funding, Org Reporting Structure

38 Communications Command, Control & Communications Report Analysis, Impacts, Status Collaborate Between Responders Notify Internal, External Stakeholders, Victims

39 Incident Response Cycle Monitoring Dashboards Decision Support What is impacted? Employees / Facilities / Processes Applications / Hardware / Networks/dB Downstream Impact & Plans / Dependent Plans / Teams to be Invoked Collaboration Notification Real-time, Dynamic Updates Gantt Charts / Status Incident / Plan Monitoring Management Dashboard Task Allocation / Status Update Roll-Call / Issue Logging Critical Path Optimization

40 In Conclusion Cyber Security Incidents: It s not If but when Protection just Reduces Attack Surface CSIRP Response is Identification, Containment & Eradication CSIRP Recovery is focused on restoring Services Be Prepared to Respond

41 References NIST , NIST Carnegie Mellon SEI, CERT CSIRTs, CSIRP SANS Institute EU ENISA

42 Thank You

43 Download the Solution Showcase Thu, Oct 11 th Continuity Insights CI, NY Mon Oct 22 nd, Presentation DRJ Webinar Wed Nov 14 th