Real-world Practices for Incident Response Feb 2017 Keyaan Williams Sr. Consultant
Slide 2: Agenda
The Presentation:
- Beginning with the end
- Terminology
- Putting it into Action
Additional resources and information:
- Framework/foundations
- Building Effective Incident Response
- Testing of the incident response plans and team members
- Case Study

Slide 3: Beginning with the End in Mind

Slide 4: Beginning with the End: Adopt a Framework (NIST SP r2) [1]
[1] National Institute of Science and Technology Special Publication v2, Computer Security Incident Handling Guide, August 2012

Slide 5: Beginning with the End: Understand what you are responding to! Define things!

Slide 6: Beginning with the End: Have a process. At least use a checklist!

Slide 7: Detection and Analysis checklist (Step / Action / Completed)
1. Determine whether an incident has occurred.
   1.1 Analyze the precursors and indicators.
   1.2 Look for correlating information.
   1.3 Perform research.
   1.4 As soon as the handler believes an incident has occurred, begin documenting the investigation and gathering evidence.
2. Prioritize handling the incident based on the relevant factors.
3. Report the incident to the appropriate internal personnel and external organizations.

Slide 8: Containment, Eradication, and Recovery checklist (Step / Action / Completed)
4. Acquire, preserve, secure, and document evidence.
5. Contain the incident.
6. Eradicate the incident.
   6.1 Identify and mitigate all vulnerabilities that were exploited.
   6.2 Remove malware, inappropriate materials, and other components.
   6.3 If more affected hosts are discovered (e.g., new malware infections), repeat the Detection and Analysis steps (1.1, 1.2) to identify all other affected hosts, then contain (5) and eradicate (6) the incident for them.

Slide 9: Containment, Eradication, and Recovery checklist, continued (Step / Action / Completed)
7. Recover from the incident.
   7.1 Return affected systems to an operationally ready state.
   7.2 Confirm that the affected systems are functioning normally.
   7.3 If necessary, implement additional monitoring to look for future related activity.

Slide 10: Post-incident Activity checklist (Step / Action / Completed)
8. Create a follow-up report.
9. Hold a lessons-learned meeting (mandatory for a major incident, optional otherwise).
Post-incident activities are important to ensure the organization understands how the incident occurred and takes steps to prevent the same type of incident from occurring again.
Slide 11: Terminology

Slide 12: Terminology: Events versus Incidents [1]
Event: An event is any observable occurrence in a system or network. Adverse events are events with a negative consequence, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware that destroys data.
Incident: A computer security incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
[1] National Institute of Science and Technology Special Publication v2, Computer Security Incident Handling Guide, August

Slide 13: Terminology
Threat: The potential source of an adverse event. Common threat surface:
- Human interaction (received and sent), web pages visited, social sites, blogs
- Architectural: network interfaces (external and internal), servers and running services and applications
Vulnerability: A weakness in a system, application, or network that is subject to exploitation or misuse.
Source: National Institute of Science and Technology Special Publication v2, Computer Security Incident Handling Guide, August

Slide 14: Terminology
Attack Vectors: The means used by attackers to exploit vulnerabilities. Examples:
- External/removable media
- Attrition: an attack that employs brute-force methods to compromise, degrade, or destroy systems, networks, or services
- Web
- Social engineering
- Improper usage
Precursor: A sign that an attacker may be preparing to cause an incident.
Indicator: A sign that an incident may have occurred or may be currently occurring.
Source: National Institute of Science and Technology Special Publication v2, Computer Security Incident Handling Guide, August
Slide 15: Putting it into Action: Implementing this at your organization

Slide 16: Putting it into Action
Evaluate your organization to ensure that threat modeling activities occur and that the threat environment receives continuous monitoring.

Slide 17: Putting it into Action
Based on the threat modeling processes, ensure your organization is aware of the likely threat scenarios, from the top down.

Slide 18: Putting it into Action
Develop a real commitment and engagement from management. Effectiveness requires appropriate authority, budget and capabilities to accomplish incident response goals.

Slide 19: Putting it into Action
Implement incident response processes that address your reality, based on real threats to your business. Are the BIA, CP, DRP, etc. in place, relevant, and adequate to support the incident response program?

Slide 20: Putting it into Action
Test, test and retest. Perfect practice makes perfect performance.

Slide 21: Thank You. Keyaan Williams
Slide 22: Framework Foundations

Slide 23: Framework/Foundations [1]
[1] National Institute of Science and Technology Special Publication v2, Computer Security Incident Handling Guide, August 2012

Slide 24: Agile and Responsive Framework/Foundations
- Incident Response Policy and Program defined
- Incident Response Plan is driven by up-to-date information: threat intelligence; Business Impact Assessments that are current and accurate; asset identification (data, technologies, people and processes)
- Critical contracts, customers and business partners are part of the plan
- Supported from the top down and fully integrated within policies, programs and plans

Slide 25: Agile and Responsive Framework/Foundations
- Defined roles and responsibilities, based on need-to-know and value add (lean and effective)
- Built-in fail-over for critical roles so there are no single points of failure
- Specific response-member playbooks tailored to their roles and responsibilities
- Required tools, services and documentation processes are in place for use in near real-time

Slide 26: Agile and Responsive Framework/Foundations: Incident Response Team Structure
- Central Incident Response Team: a single incident response team handles incidents throughout the organization (small organizations, and organizations with minimal geographic diversity)
- Distributed Incident Response Teams: multiple incident response teams, each responsible for a particular logical or physical segment of the organization (large organizations, and major computing resources at distant locations). However, the teams should be part of a single coordinated team.
Source: National Institute of Science and Technology Special Publication v2, Computer Security Incident Handling Guide, August

Slide 27: Understanding the Interaction of People - Organizational Structures: Incident Response Team Structure
Think of how we can detect both the precursors and actual incidents, with a focus on agility and responsiveness:
- Helpdesk trouble calls (our service tickets, activity type and volume)
- Network Operations Center (anomalous network traffic and log events)
- Platform administrators (changes in files, permissions, software programs and application code)
- Physical Security personnel, intrusion detection and surveillance (eyes and ears)
- System Security teams
- Threat Intelligence
- End users (system performance, unusual application operations and changes)
- Vendors, service providers, business partners and customers
The Incident Response program must integrate near real-time information gathering and analysis from all probable sources.

Slide 28: Understanding the Interaction of People - Organizational Structures: Incident Response Team Interaction
Make response activities repeatable and checklist-driven for ease of use:
- Playbook for each group of responders
- Provide an overview in each section of the kill chain for each category of incident
- Tailor each group's playbook to their roles and responsibilities
- KISS principle: make simple decision trees and use graphics to depict them where possible
- Yes, there are multi-surface attacks, but you follow the kill chain based on triage
- Forms in place for complete and accurate documentation of each team member's activities, step by step from initial detection to report

Slide 29: Understanding the Interaction of People - Organizational Structures: Incident Response Team Interaction (continued)
Playbook for each group of responders:
- Color-coded sections for types of incidents based on the decision tree: pull the cards you need and follow the process
- Have only those numbers in each playbook that are applicable to the team members' roles and responsibilities (including fail-over)
- Keep it current
Slide 30: Building Effective Incident Response

Slide 31: Construct of Effective and Streamlined IR Programs: Supported from the Boardroom down
- Threat modeling is presented to the Board in a clear, concise presentation
- Risk framing and appetite are clearly defined for the most likely scenarios and receive Board-level acceptance
- The Board directs senior managers to develop, implement and test incident response program(s), policies and processes, and to provide status reporting as part of the normal cybersecurity briefing process
- Senior management appoints a responsible person who has the authority, budgetary means and clearly defined responsibilities to enable the IR processes to be executed in near real-time across all business groups within the organization
- Senior management ensures that ALL organizations across the enterprise MUST support the IR processes
- The IR Executive establishes a cross-functional IR command structure based on the accepted scenarios, BIAs and related CPs and DRPs

Slide 32: Construct of Effective and Streamlined IR Programs: Contracts are in place for all required services
These should be documented in the BIA and require coordination with the procurement team to ensure the lists are current and accurate:
- Forensics support contracts
- Software escrow in support of trusted recovery
- External legal counsel
- Recovery services: logical, physical, temporary staffing (look at your scenarios; they should drive the criticality of these resources)
- Hosting, cloud and other managed service providers
- Business partner agreements clearly define response-clause responsibilities and direct that partners support your IR processes where applicable, including documentation and document production requests
Speaking of documentation.

Slide 33: Construct of Effective and Streamlined IR Programs: Well-defined documentation and artifact gathering, retention and protected storage processes
- Well-defined methods and techniques to ensure chain of custody of all evidentiary material, in any form in which it could be obtained
- A document repository is identified and maintained to protect against unauthorized access or alteration
- Use of tools such as SharePoint and/or other document management systems
- Multifactor authentication and defined role-based access control
- Securely accessible from remote locations by incident response team members
- Public affairs and legal counsel provide rules of engagement with media, friends and family for all employees, contractors and other affected third parties

Slides 34-35: Construct of Effective and Streamlined IR Programs (no transcribed text)
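The chain-of-custody and tamper-protection requirements on this slide, as an added example that is not from the presentation: a hash-linked custody ledger in which each artifact is fingerprinted with SHA-256 at acquisition and every entry commits to the previous one, so an altered or removed entry fails verification. The artifact names, handlers, locations and timestamps are constructed.

```python
"""Tamper-evident chain-of-custody ledger for incident evidence.

Added example (not from the presentation). Each artifact is fingerprinted
with SHA-256 when acquired; every custody entry also includes the hash of
the previous entry, so editing or removing an entry breaks verification.
Artifact names, handlers, locations and timestamps below are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(record: dict) -> str:
    # Canonical JSON (sorted keys) so the digest is reproducible; the stored
    # entry_hash itself is excluded from what is hashed.
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


class CustodyLedger:
    def __init__(self):
        self.entries = []

    def _append(self, record: dict) -> dict:
        record["prev"] = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        record["entry_hash"] = entry_digest(record)
        self.entries.append(record)
        return record

    def acquire(self, artifact, data: bytes, handler, when, location):
        """Checklist step 4: acquire, preserve and document evidence.
        The fingerprint is taken at acquisition so later copies can be checked."""
        return self._append({"action": "acquire", "artifact": artifact,
                             "sha256": sha256_hex(data), "handler": handler,
                             "time": when, "location": location})

    def transfer(self, artifact, from_handler, to_handler, when, purpose):
        """Record a hand-off (e.g. to third-party forensics or legal counsel)."""
        return self._append({"action": "transfer", "artifact": artifact,
                             "from": from_handler, "to": to_handler,
                             "time": when, "purpose": purpose})

    def verify_chain(self) -> int:
        """Recompute every digest and link; return -1 if the ledger is intact,
        otherwise the index of the first entry that fails."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or entry_digest(e) != e["entry_hash"]:
                return i
            prev = e["entry_hash"]
        return -1

    def verify_artifact(self, artifact, data: bytes) -> bool:
        """True if data still matches the fingerprint recorded at acquisition."""
        for e in self.entries:
            if e["action"] == "acquire" and e["artifact"] == artifact:
                return e["sha256"] == sha256_hex(data)
        return False


# Constructed evidence for the ransomware case study; real artifacts would be
# disk/memory images and copied files, not short byte strings.
EVIDENCE = {
    "ehr-fs01-memory.raw": b"constructed memory image of EHR-FS01",
    "ransom_note.txt": b"constructed ransom note found on a Cardiology workstation",
}


def build_demo_ledger() -> CustodyLedger:
    ledger = CustodyLedger()
    ledger.acquire("ehr-fs01-memory.raw", EVIDENCE["ehr-fs01-memory.raw"],
                   "A. Handler (IR team)", "2017-02-14T08:45:00Z", "evidence safe 1")
    ledger.acquire("ransom_note.txt", EVIDENCE["ransom_note.txt"],
                   "A. Handler (IR team)", "2017-02-14T08:52:00Z", "evidence safe 1")
    ledger.transfer("ehr-fs01-memory.raw", "A. Handler (IR team)",
                    "B. Examiner (third-party forensics)", "2017-02-14T11:30:00Z",
                    "memory analysis")
    return ledger


if __name__ == "__main__":
    led = build_demo_ledger()
    print("chain intact:", led.verify_chain() == -1)
    led.entries[1]["handler"] = "someone else"  # simulate an edited record
    print("first bad entry after tampering:", led.verify_chain())
```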
Slide 36: Testing Incident Response

Slide 37: Testing of the Incident Response Plans: Consider your Audience
- How do you work a test with Executive Management's schedule?
- For progressive, involved management this can be done as an overall integrated test
- For a diverse senior management team on the move (yes, that is most of us), try working tabletop scenarios that can be securely worked over remote connections: cell phones (voice and SMS) and
- Use threat intelligence/modeling to develop the test scenarios most likely to occur from each category in the playbook (data breach, malware outbreak, logical and physical intrusions, etc.)
- Tabletop scenarios need to be completed with one hour per scenario, using full escalation as per the decision trees, to accurately simulate and evaluate the responses of each team member and the processes within the playbooks
Slide 39: Testing of the Incident Response Plans: Consider your Training and Testing Tools
- Where do you house the testing? War room, off-site conference rooms, test environments for simulation including the help desk (depends on the level of realism desired or within budget)
- How can you record electronic and person-to-person exchanges during testing, to evaluate the effectiveness of these exchanges of information during the incident? SMS, e-mails, faxes; an employee assigned as recorder of all minutes during testing; collection of manually and electronically completed incident response forms, notes and artifacts

Slide 40: Testing of the Incident Response Plans: Consider your Other Interrelated Plans
- Business Continuity and Disaster Recovery teams
- Standing up VMs to simulate recovery and test capabilities
- Third parties (based on highest criticality for each scenario) integrated with the response plans, i.e. off-site backups, recovery vendors, critical business partners, managed service providers
- Travel and other expenses are planned for and simulated for the deployment of critical personnel
Slide 41: Case Study

Slide 42: Case Study: KISS in Action
University Hospital has been receiving calls to the Help Desk: electronic health records files cannot be accessed by physicians within several departments. Detection is being made by the Help Desk.
How does the Hospital determine they have an incident?
- By definition this is an indicator, due to the volume of calls
- By definition this is an event that is causing impact to availability
- By definition, after looking at production schedules, there is no indication that the systems or servers holding these data have outages that would cause this issue: INCIDENT detected!
Is it this simple? No, not all the time, but it can be just as streamlined. Users and Help Desk personnel are the tip of the spear and great barometers of what is taking place within your enterprise.

Slide 43: Case Study for Ease of Use
Identification and Analysis is being made by the integrated IT and Security team. How? Following their checklists, they review the detailed information that the Help Desk documented within the trouble ticket and identify:
- Currently affected systems, files, departments, etc.
- Time of the first report of the events that led to the incident being detected
- Interviews of affected personnel indicate that files are all inaccessible due to being encrypted; one states that they
- Notifications now follow the escalation process for Malware Incidents
By definition: INCIDENT identified and being analyzed! Who, What, Where and a portion of How.

Slides 44-46: Case Study for Ease of Use: Criteria for Escalation and Response
Source: National Institute of Science and Technology Special Publication v2, Computer Security Incident Handling Guide, August
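The detection and analysis steps the case study walks through (ticket volume as an indicator, correlation against production schedules, malware indicators from interviews, escalation to the malware playbook) as a runnable triage routine. This is an added example, not part of the presentation; the tickets, department and system names, maintenance calendar, keyword lists and thresholds are all constructed.

```python
"""Help Desk ticket triage following the Detection and Analysis checklist:
1.1 analyze indicators, 1.2 look for correlating information, then decide
whether an adverse event has become an incident and which playbook applies.

Added example; tickets, departments, systems, keyword lists, thresholds and
the maintenance calendar are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Ticket:
    opened: datetime
    department: str
    system: str
    symptom: str      # free text captured by the Help Desk
    note: str = ""    # analyst interview notes


@dataclass
class MaintenanceWindow:
    system: str
    start: datetime
    end: datetime


# Constructed sample data: physicians in several departments cannot open EHR files.
T0 = datetime(2017, 2, 14, 8, 0)
TICKETS = [
    Ticket(T0 + timedelta(minutes=3), "Cardiology", "EHR-FS01",
           "cannot open patient files", "files have odd extension"),
    Ticket(T0 + timedelta(minutes=7), "Oncology", "EHR-FS01",
           "patient records inaccessible"),
    Ticket(T0 + timedelta(minutes=9), "Cardiology", "EHR-FS01",
           "cannot access files", "ransom note on desktop"),
    Ticket(T0 + timedelta(minutes=12), "Radiology", "EHR-FS02",
           "files encrypted, will not open"),
    Ticket(T0 + timedelta(minutes=40), "Facilities", "PRINT01", "printer jam"),
]
# Constructed production schedule: EHR-FS02 had a planned outage that ended hours earlier.
MAINTENANCE = [
    MaintenanceWindow("EHR-FS02", T0 - timedelta(hours=6), T0 - timedelta(hours=4)),
]

# Indicator vocabulary: terms pointing at loss of availability, and at malware.
AVAILABILITY_TERMS = ("cannot open", "inaccessible", "cannot access", "will not open")
MALWARE_TERMS = ("encrypted", "ransom", "odd extension")


def _mentions(ticket, terms):
    text = (ticket.symptom + " " + ticket.note).lower()
    return any(term in text for term in terms)


def in_maintenance(system, when, windows):
    """True if a scheduled outage for this system covers the report time."""
    return any(w.system == system and w.start <= when <= w.end for w in windows)


def triage(tickets, windows, window_minutes=30, min_reports=3):
    """Checklist step 1, returned as a dict the handler can paste into the record.

    1.1 analyze indicators: availability complaints clustered in a short window
    1.2 correlate: rule out scheduled outages; look for malware indicators
    1.4 collect the who/what/where/when that documentation starts from
    """
    avail = [t for t in tickets if _mentions(t, AVAILABILITY_TERMS)]
    if not avail:
        return {"status": "no adverse event"}
    first = min(t.opened for t in avail)
    burst = [t for t in avail if t.opened - first <= timedelta(minutes=window_minutes)]
    unexplained = [t for t in burst if not in_maintenance(t.system, t.opened, windows)]
    malware_hits = [t for t in unexplained if _mentions(t, MALWARE_TERMS)]
    result = {
        "first_report": first,
        "reports_in_window": len(burst),
        "departments": sorted({t.department for t in unexplained}),
        "systems": sorted({t.system for t in unexplained}),
        "malware_indicators": len(malware_hits),
    }
    if len(unexplained) < min_reports:
        result["status"] = "adverse event (below escalation threshold, keep monitoring)"
    else:
        result["status"] = "incident"
        result["escalate_to"] = ("Malware Incident playbook" if malware_hits
                                 else "Availability/Outage playbook")
    return result


if __name__ == "__main__":
    for key, value in triage(TICKETS, MAINTENANCE).items():
        print(f"{key}: {value}")
```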
Slide 47: Case Study for Ease of Use: Containment, Eradication and Recovery
Containment, eradication and recovery are carried out by the integrated IT, Security, Malware SMEs, CEO, CFO, CIO, Legal Counsel, Privacy Officer, head of Medical Operations, Public Affairs, third-party forensics, law enforcement and appropriate government agencies. Following their checklists, they each apply TTPs per their discipline to:
- Contain the spread of the ransomware
- Eradicate the ransomware and, based on management's risk-based direction, pay the ransom or recover and re-enter data
- Initiate disaster recovery and business continuity plans for affected systems and processes, concurrent with the incident response steps above
Do you have software escrow in place? Trusted recovery images?

Slide 48: Case Study for Ease of Use: Containment, Eradication and Recovery (continued)
- Address legal and reporting requirements
- Prepare and deliver public and private communications to stakeholders

Slide 49: Case Study for Ease of Use: Post Incident Activities
- Documentation and reports from detection through recovery are collected from all team members, along with relevant artifacts from all parties involved
- The Incident Response Team Owner and/or program team review what went right and wrong, and the efficiency and effectiveness of the response process throughout
- Based on the analysis, they document lessons learned and make recommendations for updating: policies, procedures and playbooks; organizational alignment for response; specific tools, techniques and procedures; identification and removal of bottlenecks; training for failures noted pre, during and post incident
Breaches and Remediation Ramona Oliver US Department of Labor Personally Identifiable Information Personally Identifiable Information (PII): Any information about an individual maintained by an agency,
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationFROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM
SESSION ID: TECH-F02 FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM Mike Ostrowski VP Proficio @proficioinc EXPERIENCE FROM THE CHASM Managed Detection and Response Service Provider Three Global Security
More informationWhat to do if your business is the victim of a data or security breach?
What to do if your business is the victim of a data or security breach? Introduction The following information is intended to help you decide how to start preparing for and some of the steps you will want
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationCyber Incident Management Planning Guide. For IIROC Dealer Members
Cyber Incident Management Planning Guide For IIROC Dealer Members Table of Contents 1 Executive Summary... 3 1.1 Background... 5 1.1.1 Objectives... 5 1.1.2 Context... 5 2 An Overview of Cybersecurity
More informationBe Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid
Computer Security Incident Response Team (CSIRT) Guide Maliha Alam Mehreen Shahid Plan Establish Connect Be Secure! CSIRT Coordination Center Pakistan 2014 i Contents 1. What is CSIRT?... 1 2. Policy,
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Palindrome Technologies 100 Village Court Suite 102 Hazlet, NJ 07730 www.palindrometech.com Peter Thermos President & CTO Tel: (732)
More informationOracle Data Cloud ( ODC ) Inbound Security Policies
Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationBreaches and Remediation
Breaches and Remediation Ramona Oliver US Department of Labor Personally Identifiable Information Personally Identifiable Information (PII): Any information about an individual maintained by an agency,
More informationCISM QAE ITEM DEVELOPMENT GUIDE
CISM QAE ITEM DEVELOPMENT GUIDE ISACA 2015. All Rights Reserved. 2 TABLE OF CONTENTS PURPOSE OF THE CISM QAE ITEM DEVELOPMENT GUIDE... 3 PURPOSE OF THE CISM QAE... 3 CISM EXAM STRUCTURE... 3 WRITING QUALITY
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More information2015 HFMA What Healthcare Can Learn from the Banking Industry
2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical
More informationStrategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare
Strategy is Key: How to Successfully Defend and Protect Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare 1 Speaker Introduction Karl West Chief Information Security Officer Intermountain
More informationAmerican Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment
American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment July 20, 2017 DECIDEPLATFORM.COM The new Reality of Cyber Security
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationTen Ways to Prepare for Incident Response
Ten Ways to Prepare for Incident Response 1 Ten Ways to Prepare for Incident Response Introduction As a senior consultant on the Foundstone Services incident response and forensic team, I regularly respond
More informationFabrizio Patriarca. Come creare valore dalla GDPR
Fabrizio Patriarca Come creare valore dalla GDPR Disclaimer Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data
More informationInformation Security Incident
Good Practice Guide Author: A Heathcote Date: 22/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body
More informationGUIDE. Navigating the General Data Protection Regulation Mini Guide
GUIDE Navigating the General Data Protection Regulation Mini Guide Introduction The General Data Protection Regulation (GDPR) will deliver a long overdue modernization and harmonization of privacy and
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationCredit Card Data Compromise: Incident Response Plan
Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationInformation Governance, the Next Evolution of Privacy and Security
Information Governance, the Next Evolution of Privacy and Security Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors Follow me @HIPAAQueen 2017 2017 Objectives Part Part I IG Topic
More informationNIST Standards. October 14, 2016 Steve Konecny
NIST Standards October 14, 2016 Steve Konecny Overview Function Category Subcategory RS.AN 1: Notifications from detection systems are investigated RESPOND (RS) Analysis (RS.AN) Analysis is conducted to
More informationCISM ITEM DEVELOPMENT GUIDE
CISM ITEM DEVELOPMENT GUIDE Updated March 2017 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps to
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationSURVIVING THE CYBERPOCALYPSE. Craig Felty Vice President, Patient Care Services Hancock Regional Hospital
SURVIVING THE CYBERPOCALYPSE Craig Felty Vice President, Patient Care Services Hancock Regional Hospital Independent health system, $150M annual revenue, 1,200 employees, 150 active medical staff members,
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationData Breach Preparedness & Response
Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication
More informationData Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH
Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication
More informationData Privacy Breach Policy and Procedure
Data Privacy Breach Policy and Procedure Document Information Last revision date: April 16, 2018 Adopted date: Next review: January 1 Annually Overview A privacy breach is an action that results in an
More information