Key Takeaways. 4. Stay calm and do no harm in an incident Overreacting can be as damaging as underreacting
- Gilbert Bryant
- 5 years ago
Purpose of the Guide

- Organizations face many pitfalls that can dramatically increase the negative impact of an incident.
- The guide includes recommendations for technical, operational, legal, and communications aspects of a major cybersecurity incident and is focused primarily on the Respond and Recover phases defined in the NIST Cybersecurity Framework (NIST CSF).
- The guide is a collaboration between Microsoft, EY, Edelman and Orrick and brings together leading practice from the respective focus areas of each of these global class leading organizations.

Key Takeaways

1. Preparation pays off - Preparing for a major incident can reduce damage to the organization, as well as reduce incident cost and management difficulty.
2. Operationalize your incident management processes - Managing major cybersecurity incidents must be part of standard business risk management processes.
3. Coordination is critical - Effective cybersecurity incident management requires collaboration and coordination of technical, operations, communications, legal, and governance functions.
4. Stay calm and do no harm in an incident - Overreacting can be as damaging as underreacting.

Preparation Overview

- Good preparation for responding to a cybersecurity attack can significantly reduce the business risk of an attack and the difficulty of managing the response and recovery.
- Cybersecurity incident response preparation helps the organization think through and plan key aspects of the enterprise cybersecurity response plan across these key functions:
  o Technology
  o Operations
  o Legal
  o Communication

Technology - General

- Identify High-Value Assets (HVAs) - Identify the critically important business assets and their technical composition (servers, applications, data files, etc.). This classification will also be useful for prioritizing protective and detective controls for these assets and identifying threats to them.
- Confirm reliable software deployment - Incomplete or unreliable software deployment systems can significantly hamper recovery efforts. Ensure the ability to rapidly execute scripts/installers on all endpoints.

Technology - Investigation Phase

- Threat detection and monitoring capabilities - Ensure the tools and skills are in place that allow detection of advanced attackers in your environment. These capabilities are constantly evolving, but an advanced program currently would include:
  o Event correlation and analysis
  o Integrated threat intelligence (CTI)
  o User and Entity Behavioural Analytics
  o Ability to detect IOCs from historical patterns and IOAs for evolving techniques
  o Machine Learning (ML) and advanced analytics

Technology - Investigation Phase

- Investigation and forensic capabilities - Ensure the ability to investigate targeted attacks through malware and attack activity analysis to produce an accurate attack timeline. Capability can be built internally via own tools and analysts or via managed cybersecurity services (MDR).
- Track and analyze response costs - To enable risk management, keep a record of the costs involved in responding to incidents. IR cost elements include:
  o Direct costs (e.g. external services, repair/replacement of damaged equipment, etc.)
  o Labour cost of the IR team spent on investigation and recovery
  o Reputational cost impacting your organization's business

- Validated backup and recovery capability for critical data - Prepare for a destructive attack that deletes or encrypts data (such as ransomware) by validating the ability to recover critical data. Data can be backed up using an offline and/or ransomware-resistant cloud backup capability.
- Create technical recovery documentation - Write and validate technical recovery documentation (and/or use automation) for procedures that are frequently required during a security incident, including:
  o Compromised account recovery procedures
  o Compromised host recovery procedures
  o Network segregation and isolation procedures

Operations - General

- Establish a framework - Create a framework that defines the incident management program. The framework must clearly delineate roles & responsibilities (RACI) as well as the operations model for security incident handling.
- Adopt a disaster management approach - Major incidents represent an organizational crisis and require a command structure to manage them. For example, Incident Command System (ICS) is used extensively in disaster management and is extremely effective for cybersecurity incidents.

Operations - General

- Exercise your crisis process - Establish a schedule to exercise crisis teams and processes on relevant scenarios. Exercises should include individual components of the incident management program as well as tabletop exercises that include all elements & stakeholders (legal, communications, and organizational leadership). Exercises must also validate nonintrusive technical procedures including backup recovery and threat detection tools.
- Emergency approval process - A streamlined emergency approval process should exist for handling rapid changes during an incident, e.g., authority to approve rapid change proposals without change board approvals.
- Establish clear guidelines for escalation - Document when internal investigations should escalate to specialists and external investigation teams based on time spent on investigation, complexity, malware type, specific adversary, etc.

Operations Preparedness - Lessons Learned

- Just buying more tools does not equal better security.
- Buying tools without having time and skills to use them is a waste and a distraction.
- Enabling every log source will only drown you in data, slowing investigation.
- Placing your security staff in a dual role with IT operations diminishes their effectiveness.
- Preparing staff sufficiently and scheduling availability of required resources reduces the cost of incidents.
- Capturing lessons learned is critical to ensure improved incident handling in future.

Communications - General

- Cyber attack communications expectations - Organizations are not expected to prevent all security incidents, but they are expected to effectively manage them. Increasingly companies will be judged (by regulators and customers) by how well they manage incidents.
- Effective cybersecurity incident communications - Effectively communicating security incidents requires careful planning, and an understanding of the unique dynamics inherent in cybersecurity issues. Most crises require transparency and speed of communication, but the complex nature of cyber incident investigation makes facts fluid, which could lead to unnecessary negative coverage and could also alert attackers.

Communications - Response Plan

- Appoint a communications lead - In a crisis, precious time and energy can be lost identifying who is leading communications. Pre-appoint a communications lead with insight into cybersecurity response as part of the core team.
- Draft a communications plan - Many companies have technical incident response plans, but what's often missing is a communications-centric portion to manage what to disclose to whom and when. Develop the communications portion of existing incident response plans, including clear ownership and approval processes.
- Create a stakeholder map - A company must understand its contractual obligations to inform various stakeholders. Map the stakeholders that need to receive communications, including customers, media, partners, regulators, employees and vendors.

Communications - Response Plan

- Develop draft media statements - Draft statements and other materials should be created for the major types of incidents expected for the early stages of an investigation. Develop key communications considerations for each of the expected incidents, to help guide decision-making (e.g. if and under what circumstances the company would pay to remove ransomware).
- Practice the plan - Host tabletop exercises with members from the entire incident response team to test how they would react to the media, customer, and regulator attention. Tabletops are best done in conjunction with outside legal counsel and are intended to focus on all the non-technical aspects of incident response.

Legal - General

- Designate a cyber lead from Legal - Cybersecurity incident response preparation must include evaluating and managing legal risk. Legal counsel (internal and/or external) should direct certain incident response preparation activities and retain outside forensic and communications experts.
- Review policies and public statements - Public representations (e.g., privacy statements, service representations) and also internal security policies must be abided by to reduce legal risk. Policies and public disclosures must be regularly reviewed to represent the current state.
- Conduct regular board briefings - Directors cannot fulfil their fiduciary responsibilities if they are not aware of the risks. Boards should be regularly briefed on cybersecurity risks, and have sufficient information and expert assistance, so that they can effectively manage cybersecurity risk.

Legal - General

- Manage third party vendors
  o Perform diligence on vendors to evaluate the risks that they present, as vendors are often the weakest link.
  o Negotiate agreements to include security standards, as well as legal protections (indemnification, limitation of liability, insurance, etc.) that vendors must comply with.
  o The incident plan should include how vendors will cooperate as part of the incident response team.
  o Develop an audit, review or certification process to test vendors' compliance with security standards and the incident response plan.

Legal - General

- Involve legal counsel in developing the incident plan - Regulators and plaintiffs focus on the technical security measures in place, as well as the speed, efficiency, and effectiveness of the response to a cyber attack. Involve expert cyber counsel to craft operationally effective processes that reflect the latest insights from regulators and litigated cases.
- Conduct cybersecurity assessments and tests at Legal's direction - Legal counsel should direct penetration tests, vulnerability assessments, etc., in close collaboration with Security Operations, thus protecting related communications, work products, etc. under legal privilege. Reports should be prepared sparingly, and only at the direction of counsel, to minimize discovery risks. Organizations often cannot implement all the recommendations from these assessments, and should make risk-based judgments around remediation and mitigation efforts to show due diligence.

Incident Handling Overview

- Keep calm - Incidents are extremely disruptive and can become emotionally charged. Stay calm and focus on prioritizing efforts on the most impactful actions first.
- Do no harm - Incident response must avoid loss of data, loss of business critical functionality, and loss of evidence. Avoid decisions that compromise the ability to create forensic timelines, identify root cause, and learn critical lessons.
- Strike critical balances
  o Speed - balance the need to act quickly to satisfy stakeholders with the risk of rushed decisions
  o Sharing information - inform investigators, stakeholders, and customers while limiting liability and unrealistic expectations
- Be accurate - Confirm anything shared with the public and to customers is correct and truthful.
- Get help when needed - Investigating and responding to attacks from sophisticated attackers benefits significantly from deep expertise and experience.

Investigation Phase - Critical Success Factors

- Identify scope of attack operation - Most adversaries use multiple persistence mechanisms; try to uncover them all.
- Identify objective of attack, if possible - Persistent attackers will frequently return for their objective (data/systems) in a future attack, so it is imperative to secure all vulnerabilities associated with the objective.
- Stay focused - Keep the focus on business-critical data, customer impact, and getting ready for remediation.
- Don't investigate forever - Ruthlessly prioritize investigation efforts (e.g., only perform forensic analysis on hosts that attackers have actually used or modified). When an attacker has administrative privileges, it is impractical to investigate all potentially compromised resources.
- Response capability will be negatively impacted - Plan for 50% of staff operating at 50% of normal capacity due to situational stress.

Investigation Phase - Tips

- Consider ICS for crisis management - If there is no permanent function that manages security incidents, it's recommended to use ICS as a temporary organizational structure to handle the crisis.
- The show must go on - Confirm the daily security operations are not completely sidelined to support incident investigations, as the normal work still needs to be done.
- Don't use online scanners - Many adversaries monitor instance counts on services like VirusTotal for discovery of targeted malware.
- Don't modify the environment - Unless faced by an imminent threat of losing business critical data (deletion, encryption, exfiltration), do not start recovery operations until the investigation is complete.
- Share information - Confirm that all investigation teams (including all internal teams and external investigators) are fully sharing their data with each other.
- Access the right expertise - Integrate people with deep knowledge of the systems into the investigation (internal staff or external entities like vendors as needed), not just security generalists.
- Legal check - Check with Legal on whether they plan to involve law enforcement so that investigation and recovery procedures are planned appropriately.
- Avoid wasteful spending - Many major incidents result in organizations purchasing an assortment of expensive security tools in a panic that are never deployed or used. If new tools can't be deployed and used during the investigation, defer acquisition until after the investigation is finished.

Recovery Phase - Critical Success Factors

- Clear plan and defined scope - Work closely with technical teams to build a clear plan with defined scope whilst being diligent to limit scope creep as the recovery unfolds. Limit response scope to assure the recovery operation can be executed within 24 hours or less.
- Coordination and role clarity - Establish distinct roles for recovery operations, including designating a clear project lead, in support of the crisis team, and confirm technical, legal and communications teams are keeping each other informed.
- Business perspective - Always consider the impact on business operations, both through adversary actions and your response actions.
- Stakeholder communications - Work with communication teams to provide timely updates and active expectation management for organizational stakeholders.
- Avoid distractions - Anything that does not have direct and immediate impact on the current recovery operation is a distraction, e.g. investing in new security solutions.

Recovery Phase - Tips

- Never reset all passwords at once - Password resets should focus first on known-compromised accounts (from investigation) and potentially administrator/service accounts. If warranted, user passwords should be reset only in a staged/controlled manner.
- Consolidate execution of recovery tasks - Unless there is an imminent threat of losing business-critical data, use a consolidated operation to rapidly remediate all compromised resources (hosts, accounts, etc.) vs. remediating compromised resources as they're discovered. Compressing recovery will make it difficult for adversaries to adapt and maintain persistence.
- Use existing tools - Research and use the capabilities of tools already deployed (software deployment, antimalware, etc.) before trying to deploy and learn a new tool during a recovery.
- Avoid tipping off adversaries - Adversaries typically have access to all production data and in a major cybersecurity incident, but may not have time to monitor all your communications. Despite this, take steps to limit the information available to adversaries about the recovery operation.
- Know your capabilities and know your limits - Managing major security incidents is very challenging, complex, and new to many organizations. Bring in expertise from external organizations/professional services if the response team is overwhelmed or isn't confident.
- Capture lessons learned - Build and continually improve role-specific handbooks for security operations, even if it's your first incident without any written procedures.

Communications

Critical Success Factors:
- Focus on actions not outcomes - Focus communications on actions the company is taking to investigate and remediate the incident. Avoid disclosing details of the incident until there is forensic certainty of the facts.
- Keep customers as your north star - Focus on how operations are helping protect customers vs. details about the incident (who, how, etc.). Focus on providing actionable guidance to customers.
- Keep media interactions transactional - Contain and manage news coverage of the event and confirm that the key messages of the company come across, which can be achieved by providing the media with written statements and only granting media interviews if necessary.

Tips:
- Leverage your owned properties - Create a single online destination where stakeholders can get accurate and updated information, including official company statements, Q&As for customers, and useful resources.
- Brief internal audiences - Brief customer-facing employees about the incident and provide them with the appropriate talking points or escalation processes, should they get questions.
- Monitor the conversation - Use crisis-specific traditional and social media monitoring to detect media leaks early in an investigation and then to understand the sentiment once an issue is disclosed publicly.
- Consider steps to regain or earn trust - Consider if there are steps the company should take to regain customer trust after an incident is concluded.

Legal

Critical Success Factors:
- Maintain confidentiality and protect privilege - Legal counsel should direct the investigation and response efforts, in close partnership with the IT Security Operations lead, to identify legal obligations and manage risk, thereby adding confidentiality protection through legal privilege.
- Identify legal statutory, contractual, and other obligations - Consider notification and communication decisions carefully in light of current legal interpretations, as well as accepted and expected practices.
- Engage law enforcement - Engage law enforcement as part of incident response, as it is often required depending on industry (e.g. government) and type of data affected (e.g. credit card breach).

Tips:
- Take care regarding post-breach actions/statements - All communications and post-breach accommodations to affected individuals should be carefully vetted to manage risk, as plaintiffs can use post-incident actions and communications to support potential lawsuits.
- Keep executives/board members adequately informed - Updates must balance the quality and quantity of information to enable them to carry out their fiduciary responsibilities and exercise business judgment, while avoiding overloading them with technical details.
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationBPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.
BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationGDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ
GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationCylance Axiom Alliances Program
Alliances Program Cylance Axiom Alliances Program Program Overview The Cylance Axiom Alliances Program is a community of cybersecurity solution providers working together to deliver a prevention-first
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationSEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks
SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks By Richard A. Blunk (Thermopylae Ventures, LLC) and Apprameya Iyengar (Morrison Cohen LLP) The SEC has continued
More informationCybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security
Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the
More informationSECURITY INCIDENT MANAGEMENT. Solution Primer. Jenn Black. Senior Research AnalystSolutions Research and Development Office of the CISO, Optiv
SECURITY INCIDENT MANAGEMENT Solution Primer Jenn Black Senior Research AnalystSolutions Research and Development Office of the CISO, Optiv Introduction Today, the capability to respond effectively to
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationGoverning cyber security risk: It s time to take it seriously Seven principles for Boards and Investors
www.pwc.co.uk Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors Dr. Richard Horne Cyber Security Partner PwC January 2017 Board governance is often
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationTen Ways to Prepare for Incident Response
Ten Ways to Prepare for Incident Response 1 Ten Ways to Prepare for Incident Response Introduction As a senior consultant on the Foundstone Services incident response and forensic team, I regularly respond
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationForensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services
Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationRSA ADVANCED SOC SERVICES
RSA ADVANCED SOC SERVICES Consulting services to improve threat detection and response EXECUTIVE SUMMARY A holistic approach to enhanced cybersecurity operations This service is for organizations needing
More information112 th Annual Conference May 6-9, 2018 St. Louis, Missouri
8:30 10:30 May 6, 2018 Room 240 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Kevin Wachtel Finance Director/Treasurer, Villa Park, IL Alex Brown Senior Manager,
More informationDATA BREACH NUTS AND BOLTS
DATA BREACH NUTS AND BOLTS Your Company Has Been Hacked Now What? January 20, 2016 Universal City, California Sponsored by Hogan Lovells Moderator: Stephanie Yonekura, Hogan Lovells #IHCC16 Panelists:
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationHITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.
HITRUST CSF Assurance Program HITRUST CSF Assurance Program The Need Organizations facing multiple and varied assurance requirements from a variety of parties Increasing pressure and penalties associated
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationTRUE SECURITY-AS-A-SERVICE
TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationStaffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today
Security Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today Staff Augmentation, Executive Staffing, Flex Staffing Achieving our main goal
More informationJeff Wilbur VP Marketing Iconix
2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online
More informationAND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING
PROTECTING BANKING AND FINANCIAL INSTITUTIONS FROM CYBER FRAUD Enabling the financial industry to become proactively secure and compliant Overview In order to keep up with the changing digital payment
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationCYBER RISK MANAGEMENT
CYBER RISK MANAGEMENT AND BEST PRACTICES Heather Fields, JD, CHC, CCEP (414) 298-8166 hfields@reinhartlaw.com 1000 North Water Street, Suite 1700, Milwaukee, WI 53202 www.reinhartlaw.com 0 Agenda Role
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationeguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments
eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments Today s PCI compliance landscape is one of continuing change and scrutiny. Given the number
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Palindrome Technologies 100 Village Court Suite 102 Hazlet, NJ 07730 www.palindrometech.com Peter Thermos President & CTO Tel: (732)
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationBREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE
BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE 31st Annual SoCal ISSA Security Symposium Wendy T. Wu Vice President Agenda + CISO: Then and Now + Who are the Stakeholders and What Do They Care About?
More information