Update on Cyber Security ORMIA Specialized Course
|
|
- Alan Brooks
- 7 years ago
- Views:
Transcription
1 Update on Cyber Security ORMIA Specialized Course Yow Lian Tay and Robert Tracey Jr May 20, 2015
2 Agenda 1. Introduction to Cyber Security 2. Cyber Security resources 3. Anatomy of a data breach 4. Cyber Security incident response 5. Why audit the Cyber Security incident response plan? 6. Items to look for during the audit 7. Question Answer Incidents can occur in countless ways, so it is infeasible to develop step-by-step instructions for handling every incident. This presentation is intended to provide focus areas for your consideration. Ask yourself: What topics do I need to pay attention to? 2
3 What is Cyber Security? VS Protection from Unauthorized Modification Protection from Disruptions in Access Protection from Unauthorized Access 3
4 Cyber Security Present Day Advanced Persistent Threat (APT) Threats in the past were one-off hackers, spammers, and script kiddies. Now: Advanced Persistent Threat (APT): State-sponsored cyber espionage and sabotage Organized Crime / For Profit Groups Anonymous / Hacktivists Situational Awareness Risk Assessments can never be static as threats are increasingly more dynamic. Understanding of the environment is critical to adequate risk identification. Skills Gap Information Security professionals are in increasingly high demand. Threat actors devote exorbitant time and resources to carrying out attacks this requires an equal and opposite defense response that cannot be accomplished by automated tools alone. 4
5 Emerging Risks Internet of Things Crimeware, Ransomware Doxxing Internetworked hardware with standard and nonstandard operating systems. Includes sensitive devices such as security cameras, environmental system controllers, and certain medical devices. Requires specialized (vendor) knowledge to maintain security. Crimeware is malware specifically used to acquire confidential information including bank accounts and passwords. Ransomware is malware that locks down a user s machine and demands a payment for unlocking it. Doxxing is a practice of obtaining and disseminating PII on individuals through internet research 5
6 Emerging Risks RAM Scraping Malware that dumps data stored in memory. Such data is normally unencrypted. Common threat for POS systems and ATMs as sensitive payment card information is utilized Insider and Third Party Threat Insider threat is the risk of employees and contractors to the security of information through inadvertent and intentional means. Third party threat is the risk of vendors and contractors interfacing with the internal network and potentially compromising information security. 6
7 Cyber Security Resources ISACA Cybersecurity Nexus (CSX) Thought leadership, training, and certification. Verizon Data Breach Investigations Report Overall trends and emerging risks. SANS Critical Security Controls 20 critical controls for the most common attacks NIST Cybersecurity Framework Detailed standards for Cybersecurity Programs 7
8 Anatomy of a Data Breach Scenario - Background Disclaimer: This scenario is purely fictional. Any similarity to actual events is merely coincidental. Despite being fiction, this hypothetical example is based on actual risks in the environment that cyber security teams must be prepared for. Hackers from a well-funded criminal organization compromise a third party vendor to a major banking institution An Opportunity Appears 8
9 Anatomy of a Data Breach Setting up a Distraction Because the bank has a devoted protestor following (like all big banks), it isn t hard to induce hacktivists to launch a significant DDoS attack. It was also trivial for the criminal organization to obtain names of employees of the bank from LinkedIn and set up a spear-phishing scam. 9
10 Anatomy of a Data Breach 1. Resolve public website outage to satisfy customers The Incident Response Team Incident Response 2. Remediate effects of the spear-phishing scam. While it takes several hours, the Incident Response Team blocks the DDoS attackers and brings back up the public website. They also deal with many angry employees that unfortunately fell for the phishing s and need to change all of their passwords. 10
11 Anatomy of a Data Breach Successful Exfiltration The Intranet Customer Page was never fully secured because it was believed to be generally safe from external attacks. Using vulnerabilities in the programming language and the use of a privileged database connection within the scripts, the hackers successfully compressed and exfiltrated the customer database. 11
12 Scenario Recap Attacks are not always in isolation. A sophisticated attacker uses multiple channels of attack. DDoS Attacks and Phishing are easy to perform but hard to resist. Logging Everything is Insufficient Trained technicians need to review and remediate logs timely Security logs should never be purged data storage is cheap. Internally-Facing Applications are still a Security Risk Just because it isn t public facing doesn t mean it can t be broken into. Controls should apply to all systems with sensitive data. Third Party / Outsourced Service Providers Accounts and interfaces to third parties should face high scrutiny. Many recent breaches were through third-party channels. 12
13 Anatomy of a Data Breach 1. Resolve public website outage to satisfy customers The Incident Response Team Incident Response 2. Remediate effects of the spear-phishing scam. While it takes several hours, the Incident Response Team blocks the DDoS attackers and brings back up the public website. They also deal with many angry employees that unfortunately fell for the phishing s and need to change all of their passwords. 13
14 Incident Response What is an Incident Response Team (IRT)? A selected and well-trained group of people whose purpose is to promptly and correctly handle an incident so that it can be quickly contained, investigated, and recovered. They must be people that can drop what they re doing (or re-delegate their duties) and have the authority to make decisions and take actions. Incident Response Plan Identifies the organizational approach to handling security incidents Brings needed resources together in an organized manner to deal with an adverse event Aides investigations, preservation of evidence, and determination of how it occurred and how to mitigate against recurrence Is adaptable and flexible Speeds response and recovery efforts Ask yourself: Did your IR team obtain management support buy-in? Are roles responsibilities defined in the IR plan? Success Metrics? What about communication? Don t over communicate! Has there been a validation of the IR plan? Don t just plan it, practice it! 14
15 Typical Cyber Security Incident Response Communication Coordination Preparation Detection Analysis Containment, Eradication Recovery Post Incident Activity Ask yourself: Does your IR plan cover these phases? 15 NIST SP r2 - COMPUTER SECURITY INCIDENT HANDLING GUIDE
16 Why audit the Cyber Security Incident Response? In conducting the audit, the auditor should be seeking answers to the following four questions: 1. Has the organization adequately assessed its cyber security incident response needs? 2. Has the organization's cyber security incident response program been designed to meet those needs? 3. As the organization changes and evolves, is the effectiveness of the cyber security incident response plan maintained? 4. In the aftermath of a critical incident, will the cyber security incident response plan work as intended? Benefits to the organization: Ensures that the plan contains accurate and current information Allows the incident response process to be assessed and fine-tuned Identifies potential issues in advance; before the breach occurs Should a breach subsequently occur, it allows the process to operate more efficiently Critical Security Control #18: Incident Response and Management Ask yourself: How supportive is Bank s Management of such an audit? 16
17 Items to look for during the audit Communication Coordination Preparation Detection Analysis Containment, Eradication Recovery Post Incident Activity 17
18 Items to look for during the audit Communication Coordination Preparation Detection Analysis Containment, Eradication Recovery Post Incident Activity Preparation 1. Verify creation of an incident response policy and plan 2. Were procedures for performing incident handling and reporting developed? 3. Has guidelines for communicating with outside parties regarding incidents been established? 4. Was a team structure and staffing model selected? 5. Has relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies) developed? 18
19 Items to look for during the audit Communication Coordination Preparation Detection Analysis Containment, Eradication Recovery Post Incident Activity Detection and Analysis 1.Determine the detection and analysis capabilities. Does it consider: Attack vectors, signs sources of an incident (precursor vs. indicator) Correlation of information events (Security Incident Event Management (SIEM) tools) Profiling Networks and Systems to understanding Normal Behaviors Employ additional tools to collect additional data 2. Determine if mechanisms/channels to document the incident. Status, summary, related incidents, actions taken, chain of custody, impact assessments, next steps, etc. 3. Incident prioritization severity - functional, informational recoverability 4. Timely and sufficient notification 19
20 Items to look for during the audit Communication Coordination Preparation Detection Analysis Containment, Eradication Recovery Post Incident Activity Containment and Recovery 1. Are there procedures to acquire, preserve, secure, and document evidence? 2. Verify if there are steps to contain eradicate the incident. Was there consideration for: Identifying and mitigating all vulnerabilities that were exploited. Removing malware, inappropriate materials, and other components. Isolating components to avoid spread. 3. Has steps been established to recover from the incident? 4. Is there confirmation that the affected systems are functioning normally upon recovery? 5. Is there a need to implement additional monitoring to look for future related activity? 20
21 Items to look for during the audit Communication Coordination Preparation Detection Analysis Containment, Eradication Recovery Post Incident Activity Post-Incident Activity 1.For high severity incidents, was there a follow-up report? 2. Was a lessons learned meeting held? 3. Rehearsing (table-top testing) and awareness 4. Evidence retention considerations for prosecution 21
22 Items to look for during the audit Communication Coordination Preparation Detection Analysis Containment, Eradication Recovery Post Incident Activity Communication Coordination 1. Is there an established communication channel? 2. Has a communication frequency been defined? 3. Have responsibilities been defined? 4. Have the relevant internal stakeholders been identified for notifications? 5. Does your organization share information with outside parties? (Internet Service Provider, Law Enforcement Agencies, Software Support Vendors, media) 22
23 Effective Practices 1. Acquire tools and resources that may be of value during incident handling. 2. Subscribe to threat intelligence services (free paid). 3. Establish mechanisms for internal and external parties to report incidents. 4. Require a baseline level of logging and auditing on all systems, and a higher baseline level on all critical systems. 5. Profile networks and systems to understand the normal behaviors of networks, systems, and applications. 6. Consult with the legal department before initiating any coordination efforts. 7. Perform incident information sharing throughout the incident response life cycle. 8. Attempt to automate as much of the information sharing process as possible. 9. Balance the benefits of information sharing with the drawbacks of sharing sensitive information 10.Prioritize handling of the incidents based on the relevant factors. 11.Include provisions regarding incident reporting in the organization s incident response policy. 12.Obtain system snapshots through full forensic disk images, not file system backups. 13.Start recording all information as soon as the team suspects that an incident has occurred. 14.Share as much of the appropriate incident information as possible with other organizations. 15.Safeguard incident data. 16.Follow established procedures for evidence gathering and handling. 17.Create a log retention policy. 18.Maintain and use a knowledge base of information. 19.Hold lessons learned meetings after major incidents. 20.Plan incident coordination with external parties. Ask yourself: Are we doing any of these? 23
24 Questions Answers Additional Resources: NIST National Checklist Program (NCP) NIST Special Publications Rev 2 Computer Security Incident Handling Guide Center for Internet Security (CIS) Best Practices COBIT= Deliver Support DS8 Manage Service Desk and Incidents ITIL = Service Operation ISO = 13.0 Information Security Incident Management, 14.0 Business Continuity Management NIST SP = Incident Response guide Consider what you ve learned share it. 24
Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow
Anatomy of a Breach: A case study in how to protect your organization Presented By Greg Sparrow Agenda Background & Threat landscape Breach: A Case Study Incident Response Best Practices Lessons Learned
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationIT Security Incident Management Policies and Practices
IT Security Incident Management Policies and Practices Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Feb 6, 2015 i Document Control Document
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationIncident Response 101: You ve been hacked, now what?
Incident Response 101: You ve been hacked, now what? Gary Perkins, MBA, CISSP Chief Information Security Officer (CISO) Information Security Branch Government of British Columbia Agenda: threat landscape
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS
ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationDUUS Information Technology (IT) Incident Management Standard
DUUS Information Technology (IT) Incident Management Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-E 1.0 Purpose and Objectives Computer systems
More informationAuditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP
Auditing your institution's cybersecurity incident/breach response plan Objectives > Provide an overview of incident/breach response plans and their intended benefits > Describe regulatory/legal requirements
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationCyber Incident Response
State Capitol P.O. Box 2062 Albany, NY 12220-0062 www.its.ny.gov New York State Information Technology Standard IT Standard: Cyber Incident Response No: NYS-S13-005 Updated: 03/20/2015 Issued By: NYS ITS
More informationCyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology
Cyber Security Incident Handling Policy Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Oct 9, 2015 i Document Control Document Owner Classification
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationSession 334 Incident Management. Jeff Roth, CISA, CGEIT, CISSP
Session 334 Incident Management Jeff Roth, CISA, CGEIT, CISSP SPEAKER BIOGRAPHY Jeff Roth, CISA, CGEIT Jeff Roth has over 25 years experience in IT audit, security, risk management and IT Governance experience
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationIncident Response. Proactive Incident Management. Sean Curran Director
Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More informationDiscussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The
More informationInformation Technology Risk Management
Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT
More informationEndpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014
Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,
More informationCYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015
CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and
More informationCyber Incident Management Planning Guide. For IIROC Dealer Members
Cyber Incident Management Planning Guide For IIROC Dealer Members Table of Contents 1 Executive Summary... 3 1.1 Background... 5 1.1.1 Objectives... 5 1.1.2 Context... 5 2 An Overview of Cybersecurity
More informationSCAC Annual Conference. Cybersecurity Demystified
SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationWorking with the FBI
Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationInformation Technology Policy
ITP Number ITP-SEC024 Category Security Contact RA-ITCentral@pa.gov Information Technology Policy IT Security Incident Policy Effective Date August 2, 2012 Supersedes Scheduled Review Annual 1. Purpose
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationNIST Cybersecurity Framework & A Tale of Two Criticalities
NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented
More informationThe NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session
The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session Robert Smith Systemwide IT Policy Director Compliance & Audit Educational Series 5/5/2016 1 Today s reality There are two kinds
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationPrinciples of Information Security, Fourth Edition. Chapter 12 Information Security Maintenance
Principles of Information Security, Fourth Edition Chapter 12 Information Security Maintenance Learning Objectives Upon completion of this material, you should be able to: Discuss the need for ongoing
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationISO IEC 27002 2005 (17799 2005) TRANSLATED INTO PLAIN ENGLISH
13.1 REPORT INFORMATION SECURITY EVENTS AND WEAKNESSES 1 GOAL Make sure that information system security incidents are promptly reported. 2 GOAL Make sure that information system security events and weaknesses
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationCybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015
Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationMEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO
E MARITIME SAFETY COMMITTEE 95th session Agenda item 4 MSC 95/4/1 5 March 2015 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Industry guidelines on cyber security on board ships Submitted by
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationThe Next Generation Security Operations Center
The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized
More informationKeynote: FBI Wednesday, February 4 noon 1:10 p.m.
Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the
More informationCybersecurity@RTD Program Overview and 2015 Outlook
Cybersecurity@RTD Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration
More informationBuilding Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch
Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until
More informationData Breach Lessons Learned. June 11, 2015
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin
More informationInformation Security for the Rest of Us
Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. Nick Pollard, Senior Director Professional Services EMEA / APAC, Guidance Software
Incident Response Six Best Practices for Managing Cyber Breaches Nick Pollard, Senior Director Professional Services EMEA / APAC, Guidance Software www.encase.com 2014 Guidance Software Inc., All Rights
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationThings To Do After You ve Been Hacked
Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationCYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
More informationAUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520
AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies
More informationPractice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited
Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident
More information12/11/15. Evolving Cybersecurity Risks. Agenda. The current cyber risk landscape Overview. Results on EY s Global Information Security Survey
Evolving Cybersecurity Risks Results on EY s Global Information Security Survey Agenda Market insights: What are we seeing? Factoring cybersecurity into your planning and risk appetite Marketplace response
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationJefferson Glassie, FASAE Whiteford, Taylor & Preston
Jefferson Glassie, FASAE Whiteford, Taylor & Preston 2 * 3 PII = An individuals first name and last name or first initial and last name in combination with any one or more of the following data elements
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationU.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationIndustrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Industrial Cyber Security Risk Industrial Attacks Continue to Increase in Frequency & Sophistication Today, industrial organizations
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationMaking the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION
Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION MOST OF THE IMPORTANT DATA LOSS VECTORS DEPEND ON COPYING files in order to compromise
More informationTop Considerations for Incident Response
Top Considerations for Incident Response INTRODUCTION Incident response is a key part of any comprehensive security plan. However, many firms are not even sure where to begin to create an incident response
More informationCybersecurity Governance Update on New FFIEC Requirements
Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm
More informationComputer Security Incident Response Plan. Date of Approval: 23- FEB- 2015
Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...
More informationOCIE Technology Controls Program
OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview
More informationThreat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC
Threat Intelligence: An Essential Component of Cyber Incident Response Jeanie M Larson, CISSP-ISSMP, CISM, CRISC What are we going to cover? Setting the Stage Why is Incident Response Critical? Cyber Threat
More informationINCIDENT RESPONSE POLICY & PROCEDURES
Incident Response Policy & Procedures Policy & Procedure Document icims Information Security INCIDENT RESPONSE POLICY & PROCEDURES Policy & Procedure Document DOCUMENT INFORMATION AND APPROVALS Version
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationAgenda. Introduction to SCADA. Importance of SCADA security. Recommended steps
Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually
More informationCybersecurity Awareness
Awareness Objectives Discuss the Evolution of Data Security Define Review Threat Environment Discuss Information Security Program Enhancements for Cyber Risk Threat Intelligence Third-Party Management
More informationSoftware that provides secure access to technology, everywhere.
Software that provides secure access to technology, everywhere. Joseph Patrick Schorr @JoeSchorr October, 2015 2015 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 1 Agenda What are we dealing with? How
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationAssuring Application Security: Deploying Code that Keeps Data Safe
Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe 2 Introduction There s an app for that has become the mantra of users,
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationSIEM Implementation Approach Discussion. April 2012
SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual
More informationClient Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs
1 Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs NEW YORK Byungkwon Lim blim@debevoise.com Gary E. Murphy gemurphy@debevoise.com Michael J. Decker mdecker@debevoise.com
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More information