1 SEC 211 Incident Response: Oh no, we've been hacked! Now what do we do?
2 Why?
3 Typical incident response process
1. Oh no, we got hacked!
2. Look for the easy solution
3. Failing that, observe the damage for a time
4. Update resume and await execution
4 There's a better way
- Why wait until your first attack?
  - Affects decision-making
  - Costs more
- Make it part of your security policy and risk mitigation strategy
- Real benefits
  - No panic attacks: the process guides the response
  - Financial discounts from your insurance company
  - Service providers: helps win business
5 Taxonomy of security work (diagram: the IT budget divided among Prevention, Detection, and Reaction)
6 The process
- Minimize the number and severity of incidents
- Assemble the core computer security incident response team
- Define an incident response plan
7 Minimize Incidents
8 Know your stuff!
- Where are your backups? Are they good?
- What assets are you trying to protect?
- What are the threats against them?
- What vulnerabilities might the assets have?
- How likely are those threats to materialize?
- What is normal traffic on your network?
- How fast should the network typically respond?
- Who sends us ? Who should be?
- Are your computers protected from theft?
9 Where does this fit? (diagram: the Prevention / Detection / Reaction split of the IT budget)
10 Risk assessment (chart: Risk on the vertical axis from Low to High, Asset Value on the horizontal axis from Low to High; high risk and high asset value: "Yes! We worry!"; low risk and low asset value: "What? Me worry?")
11 It's got to cover all layers
- Data
- Application
- Host
- Internal network
- Perimeter
- Physical security
- People, policies, and process
12 Sample classification schemes

Physical

| Where is the asset? | How is access obtained?         |
|---------------------|---------------------------------|
| Public area         | Available during business hours |
| Employee-only       | Card-key readers                |
| Controlled          | Card-key, PIN, and palm print   |

Network

| Access from where? | How to authenticate?                                |
|--------------------|-----------------------------------------------------|
| Wired corpnet      | Domain logon (human and PC)                         |
| Wireless corpnet   | Domain logon plus certificates (human and computer) |
| VPN                | Domain logon, smartcard, quarantine                 |
| Kiosks             | Disallowed                                          |
| Internet           | Disallowed except from corp PC                      |
13 Start with the soft stuff
- Establish, enforce, and measure policies
  - If you can't measure it, drop it
  - A lot of incidents happen by accident
- Get management support
- Begin regular security training
  - ILOVEYOU! Most worms target carbon, not silicon
- Think about security banners
  - That they stop prosecution is an urban legend
  - But they remind people of their responsibilities
14 Don't neglect periodic maintenance
- Conduct regular vulnerability assessments
  - Do it yourself or hire a consultant, your choice
  - Run away from checklist slaves
  - Are they bondable? Do you trust them? (the "daughter test")
  - Don't forget to test social engineering
  - Get permission!
15 Don't neglect periodic maintenance
- Keep your systems patched and up-to-date
  - Clients: come on, start using a patch management tool
  - Servers: your choice, but be mindful of reboots
16 Important technical controls
- Strong password policies
  - Passphrases are better, though
- Monitor and analyze network traffic and system performance
  - Learn what "normal" means for you
17 Important technical controls
- Routinely check all logs
  - But they're useful only after you've already learned "normal"
- Verify backups
  - Do restores actually work?
  - Is the media still functioning?
  - Who can perform them?
18 Assemble the Core CSIRT
19 The core CSIRT
- These are the people who respond to all incidents
- Require responsibility and authority
- Clearly-defined duties: eliminates "not my job!"
  - Who pulls the LAN cable? Under what conditions?
- Build this before you get attacked
  - Make it part of their regular job description
  - Include it in job performance goals
  - Give them periodic drills for practice
20 Successful teams
- Monitor for security breaches
- Act as communications central
  - Receive reports of incidents
  - Disseminate information about incidents
- Document incidents
- Promote security awareness inside the company
- Support system and network auditing
  - Vulnerability assessments, penetration testing
- Remain abreast of new vulnerabilities and attacks
- Research software patches
- Analyze and implement new processes and technologies for reducing vulnerabilities and risk
21 Team preparation
- Train to use good tools
  - Where are they? How to use them?
  - Rapidly available specialized laptops used only for this
  - Be sure to protect them when not in use!
22 Team preparation
- Train to use good tools
- Assemble all relevant communication info
  - Contact names and numbers: CSIRT team, admins and owners, legal, public/media relations, ISP, law enforcement
  - Involve legal in any dealings with law enforcement and when gathering evidence
23 Team preparation
- Train to use good tools
- Assemble all relevant communication info
- Keep emergency info in central offline storage
  - Passwords
  - IP addresses
  - Router configurations
  - Firewall rulesets
  - Certification authority keys
  - Contact names and numbers
  - Escalation procedures
  - If electronic, encrypt it, then lock it up!
24 Team roles: Team Lead
- In charge of the team's activities
- Coordinates reviews of the team's actions
- Authorized to change policies and procedures
25 Team roles: Incident Handlers (reporting to the Team Lead)
- Do the actual work
26 Team roles: Lead Incident Handler (one of the Incident Handlers)
- Owns a particular incident
- Coordinates all communication about the incident
- Represents the entire CSIRT to those outside
- Might vary, depending on incident particulars
27 Team roles: Associate Members (alongside the Incident Handlers)
- From various departments throughout your company
- Specialize in areas affected by security incidents
- Participate in incidents or delegate to another in their area
28 Associate members
- IT contact: coordinates communications between the incident lead and the rest of the IT department
- Legal representative: lawyer familiar with incident response policies; determines how to proceed. Involved before incidents; evaluates response policies to ensure you aren't at legal risk during containment
  - If we shut down, do we violate service agreements?
  - If we don't shut down, are we liable if someone else gets attacked from the compromised system?
- PR officer: crafts the message for the public and handles all media inquiries
- Management: either departmental or company-wide; determines total impact (financial and otherwise) to the company; directs the communications officer and interaction with law enforcement agencies
29 Response roles

| Activity                    | Inc. lead  | IT contact | Legal repr. | PR officer | Mgmt.   |
|-----------------------------|------------|------------|-------------|------------|---------|
| Initial assessment          | Owns       | Advises    |             |            |         |
| Initial response            | Owns       | Implements | Updates     | Updates    | Updates |
| Collects forensic evidence  | Implements | Advises    | Owns        |            |         |
| Implements temporary fix    | Owns       | Implements | Updates     | Updates    | Advises |
| Sends communication         | Advises    | Advises    | Advises     | Implements | Owns    |
| Checks with law enforcement | Updates    | Updates    | Implements  | Updates    | Owns    |
| Implements permanent fix    | Owns       | Implements | Updates     | Updates    | Updates |
| Determines business impact  | Updates    | Updates    | Advises     | Updates    | Owns    |
30 Define an Incident Response Plan
31 Where does this fit? (diagram: the Prevention / Detection / Reaction split of the IT budget)
32 Incident response is not
- Panic
- Paranoia
- Frustration
- Giving up
33 Plan components
- Make an initial assessment
- Communicate the incident
- Contain the damage and minimize the risk
- Identify the type and severity of the compromise
- Protect evidence
- Notify external agencies (if appropriate)
- Recover systems
- Compile and organize incident documentation
- Assess incident damage and cost
- Review the response and update policies
- Test this process regularly! It's the only way you can be sure that it will work when the time comes
34 Not purely sequential
- Throughout the incident: documentation, communication
- In conjunction: initial assessment + damage containment
- Some sequence:
  1. Identify type and severity
  2. Contain damage and minimize risk
35 Make an initial assessment
- Is it really a bad guy?
  - An admin doing his/her job might appear malicious
- Is it a configuration problem?
  - Causing the IDS to report too many false positives
- Start trying to determine type and severity
  - Get enough info for further study and communication
  - How will you contain it?
- Record everything you do
- Not acting on a real incident is worse than acting on a false positive, but don't take too much time to figure it out
36 Communicate the incident
- If it's real, then communicate to the entire CSIRT
- Identify an incident lead and appoint handling team members
- Determine who outside the CSIRT to contact
  - Maintains coordination
  - Minimizes damage: a headline in the newspaper could be more damaging
  - Don't want to tip off the attacker
37 Contain the damage
- Acting quickly and decisively can make the difference between a minor attack and a major one
- Helpful priorities
  1. Protect human life and people's safety
  2. Protect classified and sensitive data
  3. Protect other data (proprietary, scientific, managerial)
  4. Protect hardware and software
  5. Minimize disruption of computing resources
- The goal: get back online as soon as possible while protecting people and preserving that which keeps us in business
38 Contain the damage
- Don't let the bad guy know you're on to him
  - A wholesale password change, while necessary, will also be a give-away
- Do you unplug or not? Compare the cost of yes or no
  - Will you violate an SLA? Which is more expensive?
  - Next time: incorporate such decisions into the SLA itself
- Disable the bad guy's ingress point
  - Modem, firewall rule, physical entry
- Rebuild a new system with new hard drives
  - Lock up the existing ones to preserve forensic evidence
- Change passwords, especially administrative ones
39 Determine the nature of the attack
- Might be different from the initial assessment
- What's the origin? What's the intent?
  - Are we a specific target? Just a random victim?
  - Why us? (information, bandwidth, ...)
- Which systems are compromised?
- Which files have been accessed? How sensitive are they?
- Helps direct how you will recover
- The incident response plan should guide your responses as you learn more about the attack
40 Determine the severity of the attack
- Work with other CSIRT members: do they agree with your assessment?
- Any unauthorized physical access?
- Any unauthorized hardware suddenly appearing?
- Any new, unexpected members in admin groups?
- Any new startup programs?
- Any gaps in logs? Or completely missing? Anything else weird in them?
  - Unexpected or unusual access failures or successes
  - Strange times (nonworking hours)
  - Permissions changes or elevations
- What's different now compared to the previous integrity check?
- Any non-business data? (porn, music, warez)
- Any employee data now in a bad place?
  - You might have to deal with privacy issues now
- Any change in performance?
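Several of the questions on this slide can be asked of the audit logs mechanically. The Python below is an added example, not from the presentation or from any Microsoft tool: it runs over a constructed sample log in an assumed record-number / timestamp / event format (not any real product's format) and flags gaps in record numbers, successful logons outside business hours, bursts of failed logons from one source, and additions to admin groups. The business-hours window, the failure threshold and the group names are assumptions to tune to what "normal" is on your network.

```python
"""Triage checks over audit records: added example, not from the presentation.

Looks for the signs listed on the "Determine severity" slide: gaps in the logs,
access at strange times, unusual failures and successes, and new members in
admin groups.
"""
from collections import Counter
from datetime import datetime, time

# Constructed sample log in an assumed format (not any real product's):
#   <record#> <ISO timestamp> <EVENT> key=value ...
# Records 1008-1011 are deliberately absent, simulating cleared entries.
SAMPLE_LOG = """\
1001 2006-03-13T09:02:11 LOGON_OK user=alice src=10.0.5.21
1002 2006-03-13T09:15:40 LOGON_OK user=bob src=10.0.5.30
1003 2006-03-13T17:30:02 LOGOFF user=alice src=10.0.5.21
1004 2006-03-13T23:41:17 LOGON_FAIL user=administrator src=10.0.9.77
1005 2006-03-13T23:41:20 LOGON_FAIL user=administrator src=10.0.9.77
1006 2006-03-13T23:41:25 LOGON_FAIL user=administrator src=10.0.9.77
1007 2006-03-13T23:41:31 LOGON_OK user=administrator src=10.0.9.77
1012 2006-03-14T00:05:09 GROUP_MEMBER_ADDED group=Administrators member=svc_backup by=administrator
1013 2006-03-14T08:58:44 LOGON_OK user=bob src=10.0.5.30
"""

# Assumed site parameters: tune these to what "normal" is for your network.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
ADMIN_GROUPS = {"Administrators", "Domain Admins"}
FAIL_THRESHOLD = 3


def parse(log_text):
    """Turn each line into a dict with rec, ts, event and the key=value fields."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec, ts, name, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append({"rec": int(rec), "ts": datetime.fromisoformat(ts),
                       "event": name, **fields})
    return events


def find_record_gaps(events):
    """Record numbers should be contiguous; a jump means entries are missing
    (cleared, or the log wrapped or rolled over) and deserves a look."""
    return [(prev["rec"], cur["rec"])
            for prev, cur in zip(events, events[1:])
            if cur["rec"] != prev["rec"] + 1]


def find_out_of_hours(events):
    """Successful logons outside the business-hours window."""
    start, end = BUSINESS_HOURS
    return [e for e in events
            if e["event"] == "LOGON_OK" and not (start <= e["ts"].time() < end)]


def find_failure_bursts(events, threshold=FAIL_THRESHOLD):
    """(user, source) pairs with at least `threshold` failed logons."""
    counts = Counter((e["user"], e["src"])
                     for e in events if e["event"] == "LOGON_FAIL")
    return {pair: n for pair, n in counts.items() if n >= threshold}


def find_admin_group_changes(events):
    """Membership additions to groups the CSIRT treats as privileged."""
    return [e for e in events
            if e["event"] == "GROUP_MEMBER_ADDED" and e["group"] in ADMIN_GROUPS]


def triage(log_text):
    """Run every check and return the findings in a plain, comparable form."""
    events = parse(log_text)
    return {
        "record_gaps": find_record_gaps(events),
        "out_of_hours_logons": [(e["user"], e["ts"].isoformat())
                                for e in find_out_of_hours(events)],
        "failure_bursts": find_failure_bursts(events),
        "admin_group_changes": [(e["group"], e["member"], e["by"])
                                for e in find_admin_group_changes(events)],
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_LOG).items():
        print(f"{check}: {findings}")
```

On the constructed sample, the checks together tell the story the slide's questions are fishing for: three failures from one source followed by a success at 23:41, a new member in Administrators a few minutes later, and a hole in the record numbers right after it. None of these alone proves compromise; each is a reason to dig.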
41 Comparing against a baseline
- Best way to know what's changed
- Works only if you know your previously-recorded baseline hasn't already been compromised
- My favorite tool: Tripwire
- Others: EventCombMT, DumpEL, Microsoft Operations Manager
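The caveat on this slide is the important part: a baseline is only evidence if the baseline itself could not have been rewritten. The Python below is an added example (not Tripwire, and not code from the presentation) of a Tripwire-style check that records a SHA-256 per file and seals the table with an HMAC. The key is assumed to live offline, on the CSIRT's locked-up media, so an intruder who alters files and then edits the baseline to match cannot produce a valid tag. The file tree, the key and the "compromise" are all constructed inside a temporary directory.

```python
"""Tripwire-style integrity baseline with a tamper-evident baseline file.

Added example, not the presentation's code and not Tripwire itself. The
baseline table is authenticated with an HMAC whose key is assumed to be kept
offline; without the key a rewritten baseline fails authentication.
"""
import hashlib
import hmac
import json
import os
import tempfile


def snapshot(root):
    """Map each regular file under root (relative, '/'-separated) to its SHA-256."""
    table = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                table[rel] = hashlib.sha256(fh.read()).hexdigest()
    return table


def seal(table, key):
    """Serialize the table and attach an HMAC-SHA256 over the canonical form."""
    body = json.dumps(table, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"files": table, "hmac": tag})


def unseal(blob, key):
    """Return the file table only if the HMAC verifies; refuse otherwise."""
    doc = json.loads(blob)
    body = json.dumps(doc["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline failed authentication: do not trust this comparison")
    return doc["files"]


def compare(baseline, current):
    """Added, removed and modified paths between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def _write(root, rel, data):
    """Create rel under root (making directories) with the given bytes."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed run: seal a baseline, simulate a compromise, then simulate
    an intruder editing the baseline to hide it."""
    key = b"offline-baseline-key-placeholder"  # constructed; a real key stays offline
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/login", b"original binary")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        sealed = seal(snapshot(root), key)

        # Simulated compromise: a system binary replaced, a new file dropped.
        _write(root, "bin/login", b"replaced binary")
        _write(root, "bin/extra", b"something new")
        diff = compare(unseal(sealed, key), snapshot(root))

        # Simulated cover-up: the files table is edited to match the new hash,
        # but the tag cannot be recomputed without the offline key.
        doc = json.loads(sealed)
        doc["files"]["bin/login"] = snapshot(root)["bin/login"]
        try:
            unseal(json.dumps(doc), key)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return {"diff": diff, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

The HMAC only buys you something if the key is genuinely unavailable on the monitored host; a key stored next to the baseline is decoration. The same offline-storage rule the "Team preparation" slide gives for passwords and router configurations applies here.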
42 Collect and protect evidence
- Prosecution should be the least of your worries, but make backups anyway
- Make two bit-for-bit backups
  - First: on write-once media (DVD±R). Use in case you decide to prosecute; keep physically secure
  - Second: on a brand-new hard drive. Use for data recovery
- Document everything you do with them
- Physically secure the original compromised disks
  - Will become evidence if you prosecute
  - Rebuild the system with new drives
43 Collect and protect evidence
- There's always that trade-off
  - Does the cost of preserving data outweigh the cost of delaying response and recovery?
  - Is rapid recovery the most important thing for you?
- Comprehensive backups might be impossible for very large systems
  - Limit to system state, logs, and the breached portions of systems, if you can figure it out!
44 Document, document, document!
- If you do prosecute, questions about your evidence will arise
- Every jurisdiction has its own requirements for acceptable evidence
- Maintain detailed and complete documentation
  - Who did what, when, and how
  - Sign and date every page
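The two-copy procedure on slide 42 and the "who did what, when and how" record on this slide fit together naturally, and the Python below is an added example of both (not the presentation's procedure and not any forensic tool's code). The source device is a constructed file; the two targets stand in for the write-once copy and the working copy; every copy is verified against the source hash; each action is appended to a custody log; and a copy is re-verified before use, because the media question from the "Verify backups" slide applies to evidence too. The handler name is a placeholder.

```python
"""Imaging a compromised disk with verification and a custody record.

Added example, not the presentation's procedure or any forensic tool's code.
The "disk" is a constructed file standing in for the source device; the
two targets stand in for the slide's write-once copy and the working copy.
"""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB pieces so a real device never sits in RAM


def sha256_file(path):
    """Streaming SHA-256 of a file or device node."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def image(source, dest):
    """Bit-for-bit copy of source to dest; returns the copy's hash."""
    with open(source, "rb") as src, open(dest, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
    return sha256_file(dest)


class CustodyLog:
    """Append-only record of who did what, when and how (one line per action)."""

    def __init__(self, path):
        self.path = path
        self.entries = 0

    def record(self, who, action, detail):
        stamp = datetime.now(timezone.utc).isoformat()
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write(f"{stamp}\t{who}\t{action}\t{detail}\n")
        self.entries += 1


def acquire(source, targets, handler, log):
    """Hash the source once, image it to every target, verify each copy
    against the source hash, and log every step. Returns the source hash and
    a per-target verification map."""
    source_hash = sha256_file(source)
    log.record(handler, "hash-source", f"{source} sha256={source_hash}")
    verified = {}
    for label, dest in targets.items():
        copy_hash = image(source, dest)
        verified[label] = (copy_hash == source_hash)
        log.record(handler, "image",
                   f"{label} -> {dest} sha256={copy_hash} verified={verified[label]}")
    return source_hash, verified


def verify(path, expected_hash, handler, log):
    """Re-check a copy before relying on it (media do fail); log the outcome."""
    ok = sha256_file(path) == expected_hash
    log.record(handler, "reverify", f"{path} verified={ok}")
    return ok


def demo():
    """Constructed run: image a fake disk twice, then catch a damaged copy."""
    handler = "handler-1 (placeholder name)"
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "compromised-disk.img")
        with open(source, "wb") as fh:  # constructed, deterministic content
            fh.write(bytes(range(256)) * 4096 + b"trailing sector")
        targets = {"write-once": os.path.join(work, "image-a.dd"),
                   "working-copy": os.path.join(work, "image-b.dd")}
        log = CustodyLog(os.path.join(work, "custody.log"))

        source_hash, on_acquire = acquire(source, targets, handler, log)

        # Simulate media damage to the working copy: one byte changes.
        with open(targets["working-copy"], "r+b") as fh:
            fh.seek(100)
            fh.write(b"\x00")
        still_valid = verify(targets["working-copy"], source_hash, handler, log)

    return {"verified_on_acquire": on_acquire,
            "working_copy_still_valid": still_valid,
            "log_entries": log.entries}


if __name__ == "__main__":
    print(demo())
```

The log is deliberately plain text with one line per action so it can be printed, signed and dated page by page as the slide asks; the hashes in it are what lets a later reader tie each copy back to the original.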
45 Notify external agencies
- Potential agencies
  - Local and national law enforcement (especially if the loss is financial)
  - External security agencies (their experience is helpful)
  - Malware experts
- Coordinate with your legal representative
- What kind of public notification?
  - Depends on your industry
  - Depends on whether customers were affected
46 Media attention
- If you're a high-profile company, expect attention!
  - Rarely desirable, often unavoidable
- The incident response plan describes
  - Who's allowed to interact
  - What they're allowed to say
  - Whether you notify the media or wait for their call
- Speaking of notification
  - Consider how to spin it to your advantage
  - Being honest and showing how you're improving could actually win customers
  - Don't lie about it, of course: reputation damage
47 Compile and organize documentation
- What was the attack? How did we respond? Who, when, why?
- Organize, sign, then review with management and legal representative
  - Consider dual sign-offs: increases the likelihood of evidence acceptance
- All this is absolutely critical if you suspect an insider
48 Assess damage and cost
- Direct and indirect costs
  - Loss of competitive edge (because of release of confidential information)
  - Legal costs
  - Labor costs: incident analysis and recovery
  - Downtime costs: lost productivity, lost sales
  - Replaced hardware, software, other property
  - Costs of updating physical security
  - Consequential damages: reputation, trust
49 Review and update
- After you've cleaned it all up, review your response
  - What went well? What needs improvement? How will we get better next time?
- Update policies
  - Can we make them better? Opportunities to streamline? Anything we need to strengthen?
- Consider new technologies
  - Can we improve our prevention mechanisms?
50 More Information
51 Learn more
- Handbook for Computer Security Incident Response Teams, by Moira J. West-Brown et al.: /03.reports/03hb002.html
- Forum of Incident Response and Security Teams
52 Steve Riley, technet com/steriley
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
More informationDATA BREACH NUTS AND BOLTS
DATA BREACH NUTS AND BOLTS Your Company Has Been Hacked Now What? January 20, 2016 Universal City, California Sponsored by Hogan Lovells Moderator: Stephanie Yonekura, Hogan Lovells #IHCC16 Panelists:
More informationNetwork Video Recorder Security Guide
Network Video Recorder Security Guide January 2018 1 About This Document This Guide shows users how to configure a Hikvision NVR system with a high level of cybersecurity protection. User Manual COPYRIGHT
More informationDefining Computer Security Incident Response Teams
Defining Computer Security Incident Response Teams Robin Ruefle January 2007 ABSTRACT: A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationInstitute of Technology, Sligo. Information Security Policy. Version 0.2
Institute of Technology, Sligo Information Security Policy Version 0.2 1 Document Location The document is held on the Institute s Staff Portal here. Revision History Date of this revision: 28.03.16 Date
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationNetwork Camera Security Guide
Network Camera Security Guide January 2018 About This Document This Guide includes instructions for using and managing the product safely. User Manual COPYRIGHT 2018 Hangzhou Hikvision Digital Technology
More informationIT ACCEPTABLE USE POLICY
CIO Signature Approval & Date: IT ACCEPTABLE USE POLICY 1.0 PURPOSE The purpose of this policy is to define the acceptable and appropriate use of ModusLink s computing resources. This policy exists to
More informationFigure 11-1: Organizational Issues. Managing the Security Function. Chapter 11. Figure 11-1: Organizational Issues. Figure 11-1: Organizational Issues
1 Managing the Security Function Chapter 11 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Top Management Support Top-Management security awareness briefing (emphasis on brief)
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationSecurity Principles for Stratos. Part no. 667/UE/31701/004
Mobility and Logistics, Traffic Solutions Security Principles for Stratos Part no. THIS DOCUMENT IS ELECTRONICALLY APPROVED AND HELD IN THE SIEMENS DOCUMENT CONTROL TOOL. All PAPER COPIES ARE DEEMED UNCONTROLLED
More informationUnderstanding IT Audit and Risk Management
Understanding IT Audit and Risk Management Presentation overview Understanding different types of Assessments Risk Assessments IT Audits Security Assessments Key Areas of Focus Steps to Mitigation We need
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationLCU Privacy Breach Response Plan
LCU Privacy Breach Response Plan Sept 2018 Prevention Communication & Notification Evaluation of Risks Breach Containment & Preliminary Assessment Introduction The Credit Union makes every effort to safeguard
More informationIncident Response Table Tops
Incident Response Table Tops Agenda Introductions SecureState overview Need for improved incident response capability https://pollev.com/securestate Overview of the exercise: Sample incident response table
More informationData Breaches: Is IBM i Really At Risk? All trademarks and registered trademarks are the property of their respective owners.
Data Breaches: Is IBM i Really At Risk? HelpSystems LLC. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. ROBIN TATAM, CBCA CISM PCI-P Global Director
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationContingency Planning
Contingency Planning Introduction Planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill Procedures are required that will permit
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationRecommendations for Implementing an Information Security Framework for Life Science Organizations
Recommendations for Implementing an Information Security Framework for Life Science Organizations Introduction Doug Shaw CISA, CRISC Director of CSV & IT Compliance Azzur Consulting Agenda Why is information
More informationVMware vcloud Air SOC 1 Control Matrix
VMware vcloud Air SOC 1 Control Objectives/Activities Matrix VMware vcloud Air goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a
More informationHIPAA Compliance Assessment Module
Quick Start Guide HIPAA Compliance Assessment Module Instructions to Perform a HIPAA Compliance Assessment Performing a HIPAA Compliance Assessment 2 HIPAA Compliance Assessment Overview 2 What You Will
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationInformation Security Data Classification Procedure
Information Security Data Classification Procedure A. Procedure 1. Audience 1.1 All University staff, vendors, students, volunteers, and members of advisory and governing bodies, in all campuses and locations
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More informationTechnology Security Failures Common security parameters neglected. Presented by: Tod Ferran
Technology Security Failures Common security parameters neglected Presented by: Tod Ferran October 31 st, 2015 1 HALOCK Overview Founded in 1996 100% focus on information security Privately owned Owned
More information