Information Security Is a Business

Similar documents
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

The Need for Operational and Cyber Resilience in Transportation Systems

2013 US State of Cybercrime Survey

Cyber Hygiene: A Baseline Set of Practices

The CERT Top 10 List for Winning the Battle Against Insider Threats

Be Like Water: Applying Analytical Adaptability to Cyber Intelligence

Defining Computer Security Incident Response Teams

Denial of Service Attacks

Software, Security, and Resiliency. Paul Nielsen SEI Director and CEO

Business continuity management and cyber resiliency

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Components and Considerations in Building an Insider Threat Program

Researching New Ways to Build a Cybersecurity Workforce

SEI/CMU Efforts on Assured Systems

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Cyber Threat Prioritization

Advancing Cyber Intelligence Practices Through the SEI s Consortium

Combating Cyber Risk in the Supply Chain

Cyber Security Issues

The Insider Threat Center: Thwarting the Evil Insider

Roles and Responsibilities on DevOps Adoption

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Analyzing 24 Years of CVD

Cyber Threat Landscape April 2013

Cybersecurity and Hospitals: A Board Perspective

Cyber Resilience Organizer and Moderator: Bharat Doshi Senior Research Scientist US Army CERDEC S&TCD

Julia Allen Principal Researcher, CERT Division

You ve Been Hacked Now What? Incident Response Tabletop Exercise

Investigating APT1. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Deana Shick and Angela Horneman

Flow Analysis for Network Situational Awareness. Tim Shimeall January Carnegie Mellon University

The Confluence of Physical and Cyber Security Management

Financial CISM. Certified Information Security Manager (CISM) Download Full Version :

Cybersecurity and Nonprofit

Panel: Future of Cloud Computing

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

CYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Smart Grid Maturity Model

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Role of BC / DR in CISRP. Ramesh Warrier Director ebrp Solutions

A Practical Guide to Efficient Security Response

Governance Ideas Exchange

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

CHIEF INFORMATION OFFICER

Table of Contents. Sample

Situational Awareness Metrics from Flow and Other Data Sources

INTERNAL AUDIT S ROLE IN CYBER SECURITY

Cyber Security Updates and Trends Affecting the Real Estate Industry

Cyber-Threats and Countermeasures in Financial Sector

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Checklist: Credit Union Information Security and Privacy Policies

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

Cybersecurity 2016 Survey Summary Report of Survey Results

Cyber Attack: Is Your Business at Risk?

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

Goal-Based Assessment for the Cybersecurity of Critical Infrastructure

Are you safe? Your business growth strategies are at the heart of the cyber risks your organization faces

Using CERT-RMM in a Software and System Assurance Context

Cyber Resilience. Think18. Felicity March IBM Corporation

Encounter Complexes For Clustering Network Flow

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity, safety and resilience - Airline perspective

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Emerging Issues: Cybersecurity. Directors College 2015

Design Pattern Recovery from Malware Binaries

DeMystifying Data Breaches and Information Security Compliance

Are we breached? Deloitte's Cyber Threat Hunting

Cybersecurity in Higher Ed

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Passive Detection of Misbehaving Name Servers

Current Threat Environment

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Cybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY

What is Penetration Testing?

REPORTING INFORMATION SECURITY INCIDENTS

Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Cyber Risks in the Boardroom Conference

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

The Cyber War on Small Business

Critical Information Infrastructure Protection Law

Cybersecurity for Health Care Providers

Managing Cybersecurity Risk

Hacking and Cyber Espionage

Providing Information Superiority to Small Tactical Units

Business Continuity Planning

2017 Annual Meeting of Members and Board of Directors Meeting

Cyber Security Incident Response Fighting Fire with Fire

Cyber Insurance: What is your bank doing to manage risk? presented by

U.S. State of Cybercrime

Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security. August 2017

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Software Assurance Education Overview

INTELLIGENCE DRIVEN GRC FOR SECURITY

Cyber Attacks and Data Breaches: A Legal and Business Survival Guide

Transcription:

Information Security Is a Business Continuity Issue: Are You Ready? Dr. Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie Mellon University nmehravari@sei.cmu.edu http://www.cert.org/resilience/ 1

Notices Copyright 2015 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. Carnegie Mellon and CERT are registered marks of Carnegie Mellon University. DM-0002411 2

Four Key Functions of a Modern CISO Focus of Today s Discussion Protect / Shield Monitor / Hunt Recover / Sustain Manage / Govern 3

Key Issues What are the real-world insights from recent cyber incidents? How does preparedness planning for cyber incidents differ from traditional BCM planning? How can organizations align BCM with their cybersecurity efforts? 4

Setting the Stage: What are the real-world insights from recent cyber incidents? Why is the subject important? 5

Cyber Intrusions are a Fact of Life 6

Prevention Activities Fall Short Is necessary Is not Sufficient Fails too frequently Protect / Shield Monitor / Hunt Recover / Sustain Manage / Govern 7

there are only two types of companies: those that have been hacked and those that will be and even they are converging into one category: companies that have been hacked and will be hacked again Robert S. Mueller, III Former Director of FBI March 1, 2012 8

Prevention Activities Fall Short Is necessary Is not Sufficient Not immediate Takes too long Protect / Shield Monitor / Hunt Recover / Sustain Manage / Govern 9

Targeted Attacks are Hard to Detect How are compromises detected? How long before the compromises are detected? 69% of victims were notified by an external entity 205 median number of days before detection SOURCE: Mandiant M-Trends 2015: A View from the Front Lines Report 10

Most Frequent Cyber Attacks Fallouts Disclosure of operationally sensitive information Disclosure of privately identifiable information Theft of intellectual property Theft of user access credentials Loss of credit card information Disclosure of classified information Revealing of company proprietary information Exposure of corporate email messages Identifying oppositions and enemies Leak of trade secrets Nuisance Reputation damage Hacktivism - Delivering political or social message Blackmailing Interception Fabrication Modification 11

However, adversaries are interested in more Deleting and destroying data Causing operational havoc Physical harm to people Physical damage to infrastructure Destruction of physical goods Damaging critical infrastructure Affecting delivery of products and services Shutting down day-to-day business operations Interruption Destruction 12

Example: Sony Pictures Cyber Incident Reputation Revenue Loss Data Exfiltration - Over 100 terabytes Business Operations Legal - Damaged information technology infrastructure - Hackers implanted and executed malware that destroyed data - Malware with capability to overwrite master boot records and data files - Employees have filed four lawsuits against the company for not protecting their data Breach Expenses - In its first quarter financials for 2015, Sony Pictures set aside $15 million to deal with ongoing damages from the hack. 13

and therefore Needs special attention within the realm of information security Protect / Shield Monitor / Hunt Recover / Sustain Manage / Govern 14

Guidnace: How does preparedness planning for cyber incidents differ from traditional BCM planning? How can organizations align BCM with their cybersecurity efforts? 15

Considerations for Developing Executing Business Continuity IT Disaster Recovery Incident Response Crisis Management Continuity of Operations Emergency Management Crisis Communications Workforce Continuity Etc plans for execution in cyber-affected environments plans in cyber-affected environments 16

Consider This Scenario Adversary s long-term and established presence in your environment has been confirmed (e.g., through investigative and forensic activities). Adversary has been observing and learning your environment for some extended time. Adversary has proliferated customized malware on strategic elements of your IT and operational technology (OT) infrastructure. Adversary has exfiltrated confidential information. Adversary has just made operationally disruptive moves, for example - Physical and logical damage to IT infrastructure - Physical and logical damage to OT infrastructure - Data destruction Day-to-day business operations have negatively been affected i.e., it is time to execute one or more of your preparedness plans 17

Things to Consider (i.e., Dilemmas) Do you try to get the adversary out of your environment before starting recovery and restoration activities? Have you finished investigative and forensic activities before disturbing the adversary? 18

Things to Consider (i.e., Dilemmas) Do you try to get the adversary out of your environment before starting recovery and restoration activities? Is there a chance that the adversary may try to do major damage if it notices that you are trying to kick it out? 19

Example: Cyber Attack on 20

Things to Consider (i.e., Dilemmas) Do you try to get the adversary out of your environment before starting recovery and restoration activities? How long will it take you to get the adversary out? (What did you say was your RTO?) 21

Things to Consider (i.e., Dilemmas) Do you try to get the adversary out of your environment before starting recovery and restoration activities? How will you be sure that the adversary is no longer around? 22

Things to Consider (i.e., Dilemmas) Do you try to get the adversary out of your environment before starting recovery and restoration activities? Is your enterprise systems (e.g., email, Internet access, file shares, printers, PBX, VoIP) available? YES: o o NO: o Then the adversary is most probably monitoring (listening) to every move you make. How will you keep your execution plan a secret? Do you have alternative system (not on your infrastructure) that you can use to manage the incident? 23

Things to Consider (i.e., Dilemmas) Do you try to get the adversary out of your environment before starting recovery and restoration activities? While rebuilding damaged/destroyed/corrupted systems, how would you ensure that the adversary won t get into these newly built infrastructure while building them on your currently (infected) environment? 24

In Closing 25

Modern Cyber Attacks Can Disrupt Information Assets Facilities Assets People Assets Supply Chain / Raw Material Assets Technology Assets not just information assets 26

Therefore, All preparedness planning activities IT Disaster Recovery Business Continuity Continuity of Operations Emergency Management Incident Response Crisis Communications Workforce Continuity Etc must explicitly incorporate matters related to cybersecurity risk, cyber attacks, and cyberenhanced incidents into their planning, testing, and execution processes. 27

Factors Affecting Cost of Data Breach Per Capita Cost SOURCE: Ponemon 2014 Cost of Data Breach Study 28

Thank you for your attention. 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback