Forensics and Electronic Documents: Critical Activities, Considerations, and Steps for Success
- Moris Young
- 5 years ago
Effective Internal Investigations For Compliance Professionals
November 10, 2011

Agenda
- Electronically Stored Information
- eDiscovery For Internal Investigations
- Preliminary Investigative Planning
- How To Approach Each Stage
- Computer Forensics
- Data Breach Investigations
- Q & A

What is ESI? Where Can It Be Found?

How Much Are We Talking About?
- 1 Box = 2,500 pages
- 1 MB = 75 pages
- 1 GB = 75,000 pages
= 1 2, GB = Million Pages Boxes = 4, GB = Million Pages Boxes = 7, GB = 22.5 Million Pages Boxes = 9,

Storage and Forms of Digital Data
- Active: Files residing on user's hard drive and/or network server
- Archival: Data compiled in back-up tapes
- Replicant: Temporary files created by programs, also called ghost or clone files
- Residual: Deleted files and emails not actually deleted until the medium has been destroyed or completely overwritten

Metadata - Defined
- System Metadata is automatically created by a computer system and relates to system operation and file handling
  - Examples: file name and date; author, time of creation or modification; file path
- Application Metadata can be automatically created or user created, and relates to application use and output generated, including the substantive changes made to the document by the user
  - Examples: prior edits, editorial comments, track changes, Excel formulas, hidden rows, hyperlinks

MAC Times: Vital Dates and Times

Metadata Defined (cont'd)
- Embedded Metadata consists of the text, numbers, content, data, or other information that is directly or indirectly inputted into a Native File by a user and which is not typically visible to the user viewing the output display of the Native File on a screen or print out.
  - Examples: spreadsheet formulas, hidden columns, linked files (such as sound files), and hyperlinks.

Embedded

Market Realities: Legal and Regulatory Risks and Burdens
Breaking news:
- ESI growing: Data doubling within corporations every months
- More regulation: Increased corporate scrutiny and investigation due to inquiries and expectations
- Legal challenges: Courts and regulators demand that corporate entities defend their processes
- Technology complexity: Technology options available, but only as good as support behind it

The eDiscovery Process
- Electronic Discovery Reference Model (EDRM)

Similar Activities To Be Performed
- Nature of investigation
  - Employee misconduct and abuse, fraud
  - Violation of business practices and processes
  - Theft of trade secrets
  - Data security and cybercrime
  - Foreign Corrupt Practices Act
  - Antitrust
  - Sarbanes Oxley (SOX)
  - HIPAA investigations
- Processes and techniques same for:
  - Undertaking due diligence
  - Reviewing business practices
  - Identifying wrongdoing
  - Implementing/enhancing compliance programs

Goals Are Different
- Identification of culpability
- Focus on a few bad actors
- Find that Smoking Gun
- Rapid review process and limited focus
- Documenting what is not found in evidence may be equally important!
- Protection from liability or hope for leniency

Preliminary Planning
- Gathering information at kickoff
- Understand history of players
- Information already developed
- Review key issues and considerations
- Geographic locations
- Data privacy and protection laws
- Data export

Preliminary Planning (Cont'd)
- Covert or overt investigation
- Internal resources available to work
- Role of IT department
- Appropriate information gathering process
- Understanding security protocols
- Is forensic analysis required?

Working As a Team
- Teaming Strategies
- Close alignment with investigative team and cross-communication re: work efforts
- Communication on IT policies and procedures/environment
- Aid in activation of capture mechanisms
- Security logs (pass cards, security codes)
- IM chat
- Journaling

Investigative Workflow & Methodology
[Diagram]
- E-Discovery Provider: key word searches review, electronic file review, metadata analysis, phone record analysis, access log review, relationship analysis
- Forensic Accounting: accounting reports, financial statement, general ledgers, invoices, contracts, expense reports
- Traditional Investigation: interviews, office sweeps, corporate records, criminal records, property records, litigation records, media/news reports
- Labels on the connections between the three: new key words, relationships, new corporations, individuals, properties, transactions, accounts, new electronic evidence

Data Identification: Proactive and Reactive
- Evaluate policies & practices
- Understand where potential ESI resides

Proactive Planning By Data Mapping
- Create inventory of data repositories
- Evaluate relevant retention and disposal policies
- Develop deliverables to satisfy legal and regulatory requirements
- Ensure mapping is cross-functional
- Prepare evergreen process

Identification: Ask Right Questions First
- Develop an understanding of relevant IT systems
- Physical inspection
- Interview
- Get an organizational chart
- Obtain a schematic overview of systems
- Identify business owners
- Understand retention policies

Ask Right Questions First (Cont'd)
- Determine what evidence exists and where it resides
- Who's got what, where, in what form?
- Who keeps what and for how long?
- Reporting features
- Custodian focused inquiries and capture
- Interview custodians
- Directory listings
- Include key administrators!

Preservation and Collection: Scope and Capture
- Define scope and protect integrity

Collection Scope
- Secure computers and data?
- Targeted capture and/or forensic images?
- Capture network share data?
- Retrieve loose media?
- Obtain mobile devices?
- Retrieve logs?
- Evaluate offsite and third-party systems?
- Identify and query databases?
- Consider legacy systems?
- Determine best backup tape strategy?

Protect Integrity and Security
- Using encrypted target drives
- Documenting all processes and procedures
- Securing data in evidence locker/safe
- Tracking and auditing the collection process
Note: Policies, processes, and procedures around data collection may be in place if organization has proactively addressed

Preparing and Analyzing the Data
- Identify content and refine searches
- Prepare data for analysis and review

Post Collection & Pre-Review: Now What Do We Do?
- Evaluate non-user created files
- Identify file extensions of interest
- Extract or isolate files by file types
- Index and process data for search and review
Note: Critical to understand implications of single or multi-step processing and loading

Sample Analytic Approach For Active Data
- Advanced Technology
- Human Judgment
- Search and validation
- Automated tools
- Sampling
- Collaboration
- Nuances of language
- Experience
- Oversight
- An effective defensible and transparent targeting process

Result of Targeting the Data
- Identification of critical themes, dates, time frames, custodians, and communication patterns
- Defensibility of search strategy and process
- Finding key documents to build on
- Further scoping and refinement

Formalized Review and Production
- Conduct document review
- Execute on delivery requirements

Document Review Dominates Budget and Time
Note: Services and technology must be focused on reducing the money and time spent on the largest part of the EDRM lifecycle

Measure Search Impact
- Measure results from queries to refine
- Reduce costs without expense to quality of data

Columns: Query #, Query, Total, %, Distinct, %
- 02_001: (contaminat* OR discharg* OR release* OR dispos* OR leak*) w/3 (oil* OR waste* OR effluent*): 27, % 6, %
- 02_002: (pcb) OR (polychlorinated biphenyls) OR (aroclor) OR (arochlor): 32, % 6, %
- 02_003: ((greenville) OR (stony hill) OR (n woodstock) OR (north woodstock) OR (nw)) w/3 ((plant*) OR (site*) OR (facilit*) OR (location*)): 42, % 14, %
- 02_004: (manufactur* process*): 4, % %
- 02_005: (safety) w/3 ((manual*) OR (committee)): 1, % %

Get To Key Issues Rapidly and Effectively Using Iterative Search Techniques
[Diagram: Test, Sample, Execute, Measure & Report, Modify, Validate, Document; Execute Search across Iteration 01, Iteration 02, Iteration 03; Indexed Dataset; Approved Review Dataset; Report Measured Results; Consult with Team; Modify Criteria as Appropriate]

Precision and Recall
- Good Precision: High Responsive Rate
- Good Recall: Fewer Missed Items in Review
- A balance between Precision and Recall will provide more responsive documents with fewer responsive items missed.

Measure: Full Production Example
- Assuming all docs in collection reviewed
- [Diagram: Collection, Actual Responsive, Actual Privileged, Search Result]

Measure: Good Precision / Poor Recall
- Under-inclusive search.
- Good candidate for defensibility challenge
- Not an unduly expensive, but yet incomplete review scenario
- [Diagram: Search Term Results; Collection, Actual Responsive, Actual Privileged, Search Result]

Measure: Good Recall / Poor Precision
- Over-inclusive search.
- Less likely candidate for defensibility challenge
- Unduly expensive review scenario
- [Diagram: Search Term Results; Collection, Actual Responsive, Actual Privileged, Search Result]

Measure: Poor Recall / Poor Precision
- Under-inclusive and over-inclusive search.
- Good candidate for defensibility challenge
- Unduly expensive and incomplete review scenario
- [Diagram: Search Term Results; Collection, Actual Responsive, Actual Privileged, Search Result]

Measure: Good Recall / Good Precision
- Targeted search.
- Unlikely candidate for defensibility challenge
- Right-sized review scenario as to cost and efficiency
- [Diagram: Search Term Results; Collection, Actual Responsive, Actual Privileged, Search Result]

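The search-measurement slides above, worked through in code as an added example that is not part of the original presentation: it runs proximity queries over a reviewed sample, reports total and distinct hits per query, and computes precision, recall and the responsive non-hits. The documents, their review labels, the simplified query terms, the reading of "Distinct" as hits unique to one query, and the 0.75 threshold for "good" are all assumptions made for the illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    qid: str
    left: tuple          # terms; a trailing * is a prefix wildcard
    right: tuple = ()    # when set, a left term must sit within `window` words of a right term
    window: int = 3      # models the w/3 proximity operator used in the slide's queries


def _positions(terms, tokens):
    """Indexes of tokens matching any term (exact, or prefix when the term ends in *)."""
    def match(term, tok):
        return tok.startswith(term[:-1]) if term.endswith("*") else tok == term
    return [i for i, tok in enumerate(tokens) if any(match(t, tok) for t in terms)]


def hits(query, text):
    """True when the document text satisfies the query."""
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    left = _positions(query.left, tokens)
    if not query.right:
        return bool(left)
    right = _positions(query.right, tokens)
    return any(abs(i - j) <= query.window for i in left for j in right)


def run_queries(queries, docs):
    """Map each query id to the set of document ids it hits."""
    return {q.qid: {doc_id for doc_id, (text, _) in docs.items() if hits(q, text)}
            for q in queries}


def hit_report(results, collection_size):
    """Rows of (query id, total hits, total %, distinct hits, distinct %)."""
    rows = []
    for qid, ids in results.items():
        others = set().union(*(v for k, v in results.items() if k != qid))
        distinct = ids - others  # documents no other query would have found
        rows.append((qid, len(ids), round(100 * len(ids) / collection_size, 1),
                     len(distinct), round(100 * len(distinct) / collection_size, 1)))
    return rows


def measure(results, docs):
    """Precision and recall of the combined search result, plus responsive non-hits."""
    hit_ids = set().union(*results.values())
    responsive = {doc_id for doc_id, (_, is_resp) in docs.items() if is_resp}
    true_pos = hit_ids & responsive
    precision = len(true_pos) / len(hit_ids) if hit_ids else 0.0
    recall = len(true_pos) / len(responsive) if responsive else 0.0
    return round(precision, 2), round(recall, 2), sorted(responsive - hit_ids)


def scenario(precision, recall, good=0.75):
    """Name the slide scenario; the 0.75 cut-off is an assumption, not from the slides."""
    if precision >= good and recall >= good:
        return "targeted"
    if precision >= good:
        return "under-inclusive"
    if recall >= good:
        return "over-inclusive"
    return "under-inclusive and over-inclusive"


# Constructed sample: id -> (text, reviewer marked it responsive)
DOCS = {
    1: ("Operator reported a leak of waste oil near the Greenville plant drain.", True),
    2: ("PCB levels in the transformer fluid exceeded the limit.", True),
    3: ("Please release the quarterly budget figures to finance.", False),
    4: ("The safety committee reviewed the discharge of effluent last week.", True),
    5: ("Lunch menu: olive oil pasta on Friday.", False),
    6: ("Aroclor drums were moved to the storage yard without labels.", True),
    7: ("Contractor disposed of solvent behind the warehouse.", True),
    8: ("New release of the waste tracking software is ready.", False),
    9: ("Holiday schedule for the Greenville office.", False),
    10: ("The safety manual update is attached.", False),
}

# Query ids follow the slide; the term lists are simplified from it (no phrase terms).
QUERIES = [
    Query("02_001", ("contaminat*", "discharg*", "release*", "dispos*", "leak*"),
          ("oil*", "waste*", "effluent*")),
    Query("02_002", ("pcb", "aroclor", "arochlor")),
    Query("02_005", ("safety",), ("manual*", "committee")),
]

if __name__ == "__main__":
    results = run_queries(QUERIES, DOCS)
    for row in hit_report(results, len(DOCS)):
        print("%s total=%d (%.1f%%) distinct=%d (%.1f%%)" % row)
    p, r, missed = measure(results, DOCS)
    print("iteration 1:", p, r, scenario(p, r), "non-hit responsive:", missed)
    # Second iteration: drop the query that added cost without adding responsive documents
    p, r, missed = measure(run_queries(QUERIES[:2], DOCS), DOCS)
    print("iteration 2:", p, r, scenario(p, r), "non-hit responsive:", missed)
```

Document 7 stays in the non-hit list in both iterations, which is the gap a non-hit review is meant to surface before the criteria are treated as validated.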
Precision and Recall: Getting There
[Diagram: Initial Search Criteria; Iteration 2 and Iteration 3 (Testing, Feedback, Research, Case Team Interaction); Final Iteration: Validated Search Criteria; Non Hit Review by Investigative Team; Collection, Actual Responsive, Actual Privileged, Search Result]

Document Review: Platform Considerations
- Do you have pre-defined terms you are working with or is there any effort to refine and test?
- What foreign languages need to be reviewed?
- Can the platform support large data volumes?
- Is there any degradation of performance based on the number of users accessing the platform?
- Are there complex tagging requirements?
- Will it meet your production and reporting needs?
- What are the costs? Is the pricing predictable?

What Happens To Deleted Files?
- Operating system just marks space as available
- True text of file still viewable with forensic software
- Text may stay on computer's hard drive for years

Example: Unallocated Space
- Remainder of space on the hard drive
- Is constantly used by the computer's operating system
- May hold vast amounts of old information

Data Forensics and Targeted Inquiries
- Did the employee communicate with others not previously identified during investigation?
- Evidence of any deletion or wiping software?
- Did searches against fragments, partially overwritten data identify any key communication or file?
- Files on images
- Was anything deleted? Wiped?
- Were there any file extension changes?
- What websites were accessed and when?
- Result: Further Refinement & Investigation

Web-Based Spotlight
- Did employee use webmail accounts?
- Messages are read while on the internet
- Pages are in HTML format
- Are any additional individuals identified through webmail?

Blackberries and Other Mobile Devices

Why Data Breaches Happen
- Targeted: Malicious actors or criminal attacks are the most expensive cause of data breaches and not the least common
- Targeted and Inadvertent: Breaches involving lost or stolen laptop computers and mobile devices remain a consistent and expensive threat
- Inadvertent: Negligence remains the most common threat
Source: 2010 U.S. Cost of a Data Breach conducted by Ponemon Institute

Anatomy of Breach Investigation
- Gain understanding of the incident
  - Identify the known scope of breach
  - Review IT infrastructure document to identify systems
  - Interview relevant staff
  - Timeline of business events
  - Identify other computers potentially compromised
- Perform forensic imaging and collection
  - Servers, relevant laptop, and desktops
  - Imaging of operating system and logs
  - Gather any copies of previously preserved data for gap analysis

Anatomy of Breach Investigation (Cont'd)
- Analyze audit logs for activity and identify source
  - User Assist Logs: programs and times they were run
  - Internet History: installation occurred and accessed sites
  - Prefetch Files: what and when a program was run
- Network analysis logs for the when and where
  - Firewall Logs: activity undertaken during time in question
  - Proxy Logs: logging of network web traffic and volumes
  - Intrusion Detection Logs: watch traffic to detect unusual activity
- Perform malware analysis
  - Review programs started when computer is logged on or booted
  - Identify any software running in odd locations
  - Evaluate when malware installed

Remediation
- Reporting and remediation
- Develop and outline timeline
- Assist with technology response
- Risk mitigation/incident response
- Provide management with information for action
- Monitor network for signs of additional compromise
- Patch and fix security vulnerabilities
- Conduct risk assessment and independent testing
- Evaluate effectiveness and adequacy of response
- Certify security process and perform audits

Other Key Quick Wins and Best Practices
- Expand use of encryption
- Inventory storage, control, and tracking
- Strengthen information security governance
- Deploy solutions and anti-malware tools
- Improve physical and network security
- Train personnel and develop awareness
- Vet security of partners and providers

Key Information Security Requirements
- ISO
  - Auditable international standard with 133 controls
  - International gold standard for information security; rigorous audit process
- SAS 70
  - Less defined than ISO27001
- SSAE 16
  - Supersedes SAS 70
  - Additional requirements added
- EU Safe Harbor and Similar Data Protection Provisions
  - Certification needed to accept the transfer of data from the EU and other jurisdictions

Questions

Thank You
Contact: Andy Teichholz, Esq.
Senior eDiscovery Consultant
(212) ext
More informationPROFILE: ACCESS DATA
COMPANY PROFILE PROFILE: ACCESS DATA MARCH 2011 AccessData Group provides digital investigations and litigation support software and services for corporations, law firms, law enforcement, government agencies
More informationTHE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155
THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION Session #155 David Forrestall, CISSP CISA SecurIT360 SPEAKERS Carl Scaffidi, CISSP, ISSAP, CEH, CISM Director of Information Security Baker Donelson AGENDA
More informationGDPR: A technical perspective from Arkivum
GDPR: A technical perspective from Arkivum Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationThe Impact of Cybersecurity, Data Privacy and Social Media
Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationComputer Forensics US-CERT
Computer Forensics US-CERT Overview This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further
More informationData Security: Public Contracts and the Cloud
Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationFlorida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationPROVIDING INVESTIGATIVE SOLUTIONS
PROVIDING INVESTIGATIVE SOLUTIONS Experienced Professionals Northeast Intelligence Group, Inc. (NEIG) has been helping clients meet challenges for more than twenty years. By providing meaningful and timely
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationCyber Security Incident Response Fighting Fire with Fire
Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the
More informationVulnerability Management
Vulnerability Management Service Definition Table of Contents 1 INTRODUCTION... 2 2 SERVICE OFFERINGS VULNERABILITY MANAGEMENT... 2 3 SOLUTION PURPOSE... 3 4 HOW IT WORKS... 3 5 WHAT S INCLUDED... 4 6
More informationAgenda. Bibliography
Humor 2 1 Agenda 3 Trusted Digital Repositories (TDR) definition Open Archival Information System (OAIS) its relevance to TDRs Requirements for a TDR Trustworthy Repositories Audit & Certification: Criteria
More informationFOR FINANCIAL SERVICES ORGANIZATIONS
RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationSymantec Document Retention and Discovery
IT POLICY COMPLIANCE Symantec Document Retention and Discovery A state-of-the-art solution that simplifies the discovery of email and other files, enhances litigation readiness, and helps ensure compliance
More informationBusiness White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data
Business White Paper Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Page 2 of 7 Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Table of Contents Page 2
More informationTHE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA. CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.
THE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.FFa) BROCHURE Contents INTRODUCTION... 3 THE IICFA... 4 Basic Entry qualifications...
More informationSection 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016
Section 3.9 PCI DSS Information Security Policy Issued: vember 2017 Replaces: June 2016 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationConsolidation Committee Final Report
Committee Details Date: November 14, 2015 Committee Name: 36.6 : Information Security Program Committee Co- Chairs: Ren Flot; Whitfield Samuel Functional Area: IT Functional Area Coordinator: Phil Ventimiglia
More informationMcAfee Total Protection for Data Loss Prevention
McAfee Total Protection for Data Loss Prevention Protect data leaks. Stay ahead of threats. Manage with ease. Key Advantages As regulations and corporate standards place increasing demands on IT to ensure
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationAmit Panchal Enterprise Technology Strategist
Amit Panchal Enterprise Technology Strategist amitp@microsoft.com Who is Amit Panchal IT Industry Personal Education Executive Experience MORE DEVICES I love my PC, my phone, and my slate. MORE MOBILE
More informationΟ ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General
More informationIT risks and controls
Università degli Studi di Roma "Tor Vergata" Master of Science in Business Administration Business Auditing Course IT risks and controls October 2018 Agenda I IT GOVERNANCE IT evolution, objectives, roles
More information