Addressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting

Transcription

1 Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting

2 Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in Oil and Gas within the Business within Information Technology Current Levels of Integration An Integrated Approach to Incident Response Case Study: Multiple Threat Incidents Questions The Houston Flood of 2016

3 Enaxis Introduction The Right Partner for Energy Clients Positioned between business & technology in complex O&G industry Founded and led by consultants from large consulting firms in 2002 Houston and Dallas locations with consistent growth Strong value proposition and flexibility in engagement Committed to Quality of Service Specialized player in IT in the Energy Business Proven methodologies, thought leadership, templates and knowledge base Our People Average consultant experience is 15 years Advanced degrees from top tier universities Approximately 50% come from large consulting firms and the rest from the Energy industry Work-life balance is very important Heavy emphasis on training and certifications

4 Enaxis Introduction Practice Areas within Service Offerings Addressing clients issues with flexibility & market knowledge Management Consulting IT Strategic Services Project Leadership Data Management Process Optimization Merger Integration Organizational Development Value Assurance Business Continuity & Compliance Design Thinking IT Strategy & Planning Outsourcing Advisory & Vendor Management IT Governance & Operations IT Portfolio Management IT Infrastructure Strategy Application & ERP Strategy Cybersecurity Project & Program Management Business Analysis & Requirements Change Management & Training Technical SME MCP Project Management Data Management Strategy Data Governance Master Data Management Data Quality Management Upstream Midstream Downstream Utilities

5 Presenter Bio: Brian Coates Brian Coates is a Senior Manager with over 18 years of experience in enterprise risk management, business continuity and disaster recovery, IT audit, Program/Project Management, service delivery, compliance, governance, information management, change management, process improvement and work management. Brian's diverse skillset and ability to execute have allowed him to lead and deliver successful projects in the energy, financial services, logistics, and retail industries. Brian has a demonstrated ability to lead teams to innovative solutions to complex business and IT challenges. Prior, Brian held positions with two of the Big 4 consulting firms and an oilfield engineering firm. Brian earned his BS in Emergency Administration and Planning from The University of North Texas.

6 Incident Response / Incident Management in Oil and Gas Incident management and response is a very mature and prescriptive process within the oil and gas industry. Focus is on responding to events affecting assets, human capital and the environment. Crisis Management Emergency Management (EOC) HR Ops/Prod HSE Legal Finance Procurement Technical Commercial Emergency Response Evacuation Life Safety Conservation Communications & Data Sharing Incident Command System (ICS) Federal State Local

7 Incident Response / Incident Management in the Business Incident management and response from a business perspective is significantly different than an emergency event or an IT related event. The focus is on restoring any damage to the overall business image or to minimize any legal risks. 57% of business disasters are IT related. The loss of IT capacity and telecommunication is viewed as the worst disruption scenario for a business. What does the business consider to be an Incident? Source: What does the business typically do to respond to this Incident? Identify, log, categorize, prioritize, diagnose, escalate, investigate, resolve, recover, and close Invoke Recovery Plans

8 Incident Response / Incident Management in Information Technology The goal of incident management within Information Technology is to restore normal service operation and access to information and data as quickly as possible following any form of unplanned outage or loss of data. 86% of businesses experienced downtime in the last 12 months and the average downtime lasted for 2.2 days Source: What does IT consider to be an Incident? What does the business typically do to respond to this Incident? Identify, log, categorize, prioritize, diagnose, escalate, investigate, resolve, recover, and close Invoke Recovery Plans Technical capabilities to recover and restore information systems and data

9 Incident Management Current Levels of Integration Oil and gas companies continue to operate in silos where each business unit is responsible for implementing processes and tools Crisis Management Incident Response Team Security Team Emergency Operations Center Notification and Resource Tracking Systems Incident Management Service Delivery Incident Management Escalation Health, Safety and Environmental Incident Response Corporate Security Business Continuity Disaster Recovery Cyber Security Incident Management Service Delivery Incident Management HSE Systems Security Systems Planning & Response Systems SIEM Tool Event

10 An Integrated Approach to Incident Response Oil and gas companies continue to operate in silos where each business unit is responsible for implementing processes and tools Emergency Operations Center / Crisis Management Incident Monitoring & Response Health, Safety and Environmental Incident Response Business Continuity Corporate Security Disaster Recovery Cyber Security Incident Response Service Management Incident Response Anomaly Based Detection Threat Correlation Business Responses IT Responses Common Processes and Tools All Hazards, Integrated Approach to Incident Management Process and Systems Integration

11 Case Study: Multiple Threat Incidents Event #1: People with unauthorized access to the building are identified and escorted off the premises (Corporate Security) Event #2: IT systems failure that impacted the virtualized servers where all security monitoring tools are hosted, disabling monitoring and logging of systems (Information Technology) Event #3: Fraudulent using legitimate executive names and addresses is received requesting the Controller to wire money to an international account (Cybersecurity Incident Response Team)

12 Questions & Discussion

13 The Houston Flood of Inches of rain that fell in the Houston area in less than 24 hours