Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly.


Today, no Canadian business is immune from a potential attack. It's no longer a question of if your organization will be attacked. It's a question of when.

Staying ahead of adversaries

The cyber threat landscape continues to expand rapidly. With each passing day, the cyber attacker ranks grow larger, as does their level of sophistication and the number of organizations they target. Preparing for the inevitable cyber incident involves more than preparing to react to merely neutralize a one-off attack. It involves the ability to respond effectively and repeatedly: to plan proactively, to defend your critical systems and data assets vigorously, to get ahead of evolving threats, and to recover thoroughly when attacks do occur.

As cyber attacks increasingly take a toll on corporate bottom lines and reputations, developing a strong cyber incident response (CIR) capability becomes essential for businesses that seek to build secure, vigilant, resilient organizations. A strong CIR capability can help your organization:

- Quickly understand the nature of an attack to help answer and address the questions of what, where, how, and how much
- Minimize the costs associated with data loss in terms of the cost of time, resources, and diminished customer confidence
- Introduce a heightened level of management and controls that can strengthen your IT and business processes, helping your organization focus on core activities that deliver value for the enterprise

What it takes

Developing a CIR capability that can position your organization to meet evolving threats requires both an operational framework and an understanding of the cyber incident life cycle. Building a framework, your CIR "house", and building knowledge of the phases of threat management gives your organization essential tools for proactively responding to cyber incidents.

- Governance: Incident Response cross-functional coordination, documentation, and stakeholder communication.
- Strategy: Organizational strategy in dealing with cyber incidents, including executive, board, and customer communication.
- Technology: Technical Incident Response, forensics, malware analysis, log analysis, and IT operations support.
- Business operations: Operational resilience during cyber incidents through integrated business continuity and disaster recovery processes and proactive communications.
- Risk & compliance: Risk and compliance management, including interfacing with regulators, legal counsel, and law enforcement.
- Remediation: Remediation of incident root cause and associated business processes.

Governance
- Set tone at the top
- Align strategy with organizational goals
- Provide mechanism for cross-functional communication

Strategy
- Avoid tunnel vision when planning response and recovery strategies
- Reduce adverse impact to operations and revenue streams during incidents
- Align IR efforts with security management and IT engineering initiatives

Technology
- Create an architecture that can rapidly adapt to and recover from cyber incidents
- Improve situational awareness
- Confirm that applications are highly resistant to standard attack vectors

Business operations
- Protect revenue, IT, physical assets, and personal assets
- Respond to unplanned events with minimal disruption
- Plan for and recover from any disruption quickly

Risk and compliance
- Demonstrate alignment with obligations
- Embrace a risk-based approach focusing on high-impact areas
- Strengthen ability to address regulator and law enforcement inquiries

Remediation
- Develop a remediation plan that includes short-term and long-term goals
- Close identified gaps in technical and business processes
- Monitor technology infrastructure for repeat events

Incident response lifecycle

The incident response lifecycle begins before an incident even occurs. Vigilant organizations can develop a proactive and responsive set of capabilities that allow them to rapidly adapt and respond to cyber incidents and to continue operations with limited impact to the business.

Proactive
- Governance and strategy: Encompasses design and development of an incident response program covering organization, processes, and procedures
- Architecture and operations: Involves design and implementation of a resilient IT infrastructure to sustain business operations
- Incident detection: Leverages cyber threat intelligence (CTI) capabilities such as CTI sharing with industry peers and other CIR methods to develop a comprehensive cyber monitoring program and to support ongoing monitoring and detection; efforts can integrate with Deloitte's Fusion SIEM monitoring services

Responsive
- Triage: Involves gathering information on multiple incidents and then prioritizing individual incidents and steps for incident response
- Respond: Focuses on taking risk-mitigating actions to prevent further impact to the organization
- Recover: Emphasizes near-term incident remediation, remediation strategy, and roadmap development
- Sustain: Concentrates on resuming normal business operations, as well as developing long-term risk mitigation and documenting lessons learned

Putting the pieces together with Deloitte

Deloitte offers organizations critical guidance for building the pieces of a strong CIR capability and for putting those pieces together. We also offer a suite of focused CIR offerings to help organizations proactively monitor and respond to threats.

Deloitte's comprehensive approach aims to deliver timely and actionable information for investigating and responding to data breaches so you can understand attackers' motives and the data they seek and so you can make timely decisions about business and system protection. The approach is one that leverages our deep experience across industries and our understanding of the challenges, risks, and opportunities that large, complex organizations face. And it's an approach that we customize for each client as we work to provide guidance and solutions that can work for you, your business goals, and your data needs.

Here's a look at three key areas on which we focus as we help organizations put together the pieces of a strong CIR capability.

- Compromise investigation: Compromise investigations seek to confirm the avenues of attack involved in cyber incidents, identify related post-event network activity, and identify additional compromised endpoints and user accounts. Attempting to understand the potential breadth and scale of an incident is central to a compromise investigation.
- Damage assessment: Damage assessments focus on determining which data have been accessed or exposed, as well as attempting to understand a cyber adversary's motives and possible next steps. The assessments can bring to light issues that need to be addressed and can provide insights on how a loss, leakage, or exfiltration of data might affect your business.
- Remediation: Remediation activities help you get your systems back to normal as quickly as possible, while fortifying your organization against your attacker. Deloitte examines various incident indicators, known vulnerabilities, and software patch statuses to develop short-range, mid-range, and long-range remediation efforts that can further bolster your organization's security posture.

A broad set of capabilities

When it comes to incident response services, Deloitte understands the spectrum of capabilities organizations need to provide end-to-end protection from preparation to recovery. Maintaining a proactive stance, responding strategically to incidents, and recovering in a sustained manner can help organizations develop the secure, vigilant and resilient posture they need to fight evolving cyber threats.

Proactive capabilities (Governance and strategy; Architecture & operations; Incident detection)
- Enterprise-wide IR plan assessment, design, development, training, and implementation
- Leadership guidance for understanding response impact and management
- Retainer services to assist clients with IR in the event of an incident
- Cyber attack simulations
- Cyber threat intelligence (CTI) and CTI sharing with peers

Responsive capabilities (Triage; Respond; Recover; Sustain)
- Leadership to drive incident response based on strategic, business, and technical needs
- Technical analysis to triage incidents, determine the impact, and investigate the root cause
- Support to contain the incident
- Support with post-incident public relations
- Risk and compliance support for managing legal, regulatory, and customer impacts
- Assistance in working through business interruptions
- Leadership to organize and manage recovery efforts based on strategic, business, and technical needs
- Remediation, sustainment, and recovery support after an attack, whether large or small
- Integrated technical and business capabilities to support post-incident management support

The Deloitte difference

Deloitte delivers a powerful blend of technical skills, business experience, and industry insights when helping clients put in place effective CIR capabilities.

- Our solutions are comprehensive. Deloitte's end-to-end CIR services help our clients prepare for, respond to, and recover from incidents across the entire incident life cycle.
- Our CIR experience is deep. We annually perform more than 1,000 cyber risk assessments throughout North America, and our acquisition of Vigilant Inc. has bolstered our security monitoring and cyber threat intelligence capabilities.
- Our reach is broad. With professionals working at Deloitte member firms across the globe, we're prepared to address cyber challenges wherever they might occur within your organization.
- Our resources are on target. To address cyber incidents, Deloitte brings to bear experienced professionals using field-tested tools, leveraging a network of cybersecurity intelligence centres that allow us to respond to incidents immediately in almost any setting.
- Our live support capabilities are unsurpassed. Deloitte's Cyber Intelligence Centre (CIC) serves as a national resource for businesses throughout Canada, providing a range of customized, integrated security services that deliver round-the-clock business-focused security for critical systems and data.

Packages and features

Bronze
- Master services agreement
- No service level agreement

Silver
- Master services agreement
- Service level agreement with response times as follows: remote 12 hours, on site 36 hours
- Monthly Cyber Threat Intelligence summary

Gold
- Master services agreement
- Service level agreement with response times as follows: remote 12 hours, on site 24 hours
- Monthly Cyber Threat Intelligence summary
- Cyber threat assessment

Cyber Intelligence Centre (CIC)

Cyber threats are evolving in volume, sophistication and impact, making it harder for internal security teams to detect and address advanced threats around the clock. Deloitte's Cyber Intelligence Centre (CIC) can help you manage cyber risks with a range of customized, integrated security services that deliver 24/7, business-focused security for your critical systems and data.

- Security Information and Event Management (SIEM)
- Advanced threat detection
- Intrusion prevention and detection
- Firewall management
- End point protection
- Data leakage protection
- Web proxy and URL filtering
- Brand monitoring
- Vulnerability management
- Breach detection, incident response and management

Whether you're looking for a fully managed cybersecurity solution or a way to replace or augment your existing solution, the Cyber Intelligence Centre can help your organization become more secure, more vigilant, and more resilient.

- Secure: By adopting a risk-based approach to cyber crime prevention, you can gain access to timely, actionable threat intelligence, positioning you to improve the effectiveness of your security controls.
- Vigilant: With a customized approach to cyber intelligence that takes your specific environment into account, you can more readily predict and prevent security incidents, strengthen your organization's threat profile, and reduce your vulnerability to criminal attack.
- Resilient: Some cyber incidents can cause serious business crises. Enhancing your ability to detect and respond to threats helps you minimize losses and get back to business as usual faster.

Bottom-line benefits

Enhancing your CIR capabilities can help your organization identify and address threats early and remediate cyber incidents rapidly. A stronger posture on CIR can help you:

- Maintain business continuity
- Prevent the loss of data assets that are critical to your operations
- Improve the overall security of your organization, strengthening partner and customer confidence and solidifying reputation
- Devote more time and resources to fundamental business improvements, innovation, and growth

Questions and actions

Strengthening your CIR posture requires comprehensive guidance that's based on experience. It also requires the ability to ask the right questions and to take the right actions.

Key questions
- Are we proactive or reactive when it comes to our current incident management practices?
- Do we have the right talent to respond to a spectrum of incidents?
- As we experience incidents, are we adapting our techniques to strengthen our future response?

Key actions
- Put a senior executive at the helm of CIR efforts.
- Engage stakeholders throughout the organization to develop a CIR strategy.
- Make behavior change part of your strategy to help ensure a proactive stance on incident response.

Contact us

To start the conversation on how your organization can begin developing cyber incident response capabilities that can help you stay ahead of threats, visit us online or contact us directly.

Toronto, West
- Rocco Galletto, Partner, Cyber Risk Services, rgalletto@deloitte.ca
- Adam Crawford, Senior Manager, Cyber Risk Services, adcrawford@deloitte.ca
- Tejinder Basi, Partner, Cyber Risk Services, tbasi@deloitte.ca
- Justin Fong, Partner, Cyber Risk Services, jfong@deloitte.ca
- Nathan Spitse, Senior Manager, Cyber Risk Services, nspitse@deloitte.ca
- Albert Yap, Partner, Cyber Risk Services, ayap@deloitte.ca

East
- Rob Masse, Partner, Cyber Risk Services, rmasse@deloitte.ca
- Francis Castonguay, Senior Manager, Cyber Risk Services, frcastonguay@deloitte.ca

Cyber incident response email: incresponse@deloitte.ca

www.deloitte.ca/cyber


www.deloitte.ca

Deloitte, one of Canada's leading professional services firms, provides audit, tax, consulting, and financial advisory services. Deloitte LLP, an Ontario limited liability partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Deloitte LLP and affiliated entities. Designed and produced by the Deloitte Design Studio, Canada. 15-3207M