Cyber Security Incident Response Program. Dr. Michael C. Redmond, PhD, MBCP, FBCI, CEM, PMP, MBA


World Economic Forum Global Technology Risks for 2015
According to the World Economic Forum's global risk perspectives survey for 2015, information and infrastructure resilience and cyber security continue to dominate the global technology risk landscape. What is really interesting is the perception that those risks have intensified in the past 12 months. No doubt this reflects both the growing sophistication of cyber attacks and the rise of hyperconnectivity, i.e., all kinds of physical objects being web-enabled to make up the Internet of Things, along with personal data. The challenge with so many devices other than computers connected to the Internet is that they tend to be less adequately protected. The 2015 edition of the Global Risks report completes a decade of highlighting the most significant long-term risks worldwide, drawing on the perspectives of experts and global decision

Banking and Cyber
Nearly a third of banking organizations do not require their third-party vendors to notify them in the event of an information security breach, according to a recent study on the banking sector's cybersecurity practices. The New York State Department of Financial Services issued its Update on Cyber Security in the Banking Sector: Third-Party Service Providers earlier this month to analyze the due diligence processes, policies and procedures governing relationships with third-party vendors, protections for safeguarding sensitive data, and protections against loss incurred due to third-party information security failures.

Did ALL of Your Users Update Chrome? (2 weeks ago)
Adobe released security updates for Flash Player on Tuesday. Windows and Macintosh users should update to 17.0.0.169 and Linux users should update to 11.2.202.457 in order to address a variety of vulnerabilities, some of which are deemed critical and can enable code execution. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system, according to a Tuesday release, which states that Adobe is aware that an exploit for CVE-2015-3043 exists in the wild. Security updates were additionally released for Adobe Flex and ColdFusion. Adobe Flex 4.6 and earlier versions are affected by CVE-2015-1773, and ColdFusion versions 11 and 10 are affected by CVE-2015-0345. Both vulnerabilities can be leveraged in reflected cross-site scripting attacks, and both are deemed important.

In 2012, 3.8 Million Tax Records Stolen in Largest State Agency Attack
Both Social Security and credit card numbers were stolen from the South Carolina Department of Revenue by hackers in August. A phishing email enabled hackers to steal credentials from users and eventually steal 74 GB of encrypted and unencrypted data.

2012 Server Hack Leads to HIPAA Violation by Utah Department of Health
In April 2012, 780,000 individuals were affected by a server hack at the authentication level that allowed hackers to access and steal SSNs and personal health records from the Utah Department of Health. One server was not configured according to normal procedure, and this allowed hackers to access the system.

In 2012, Global Payments Inc. PCI Data Breach Affected 1.5 Million
Nearly 1.5 million consumers were affected by hackers accessing Global Payments Inc.'s payment processing system in January and February.

On Dec 14 2014, Dutch government website outage caused by cyber attack
Cyber attackers crippled the Dutch government's main websites for most of Tuesday and back-up plans proved ineffective, exposing the vulnerability of critical infrastructure at a time of heightened concern about online security. The outage at 0900 GMT lasted more than seven hours, and on Wednesday the government confirmed it was a cyber attack.

Cyber Response Ties In With Asset Management
Let's discuss what should be in your Asset Management Program.

Cyber Defense and Response
- What are the steps?
- Who is involved?
- How do we prepare?

Process Flow
- How can we apply project management to this?
- What are the needed business processes?

Records* (ISO 27001:2013 clause number)
- Records of training, skills, experience and qualifications: 7.2
- Monitoring and measurement results: 9.1
- Internal audit program: 9.2
- Results of internal audits: 9.2

Hackers Read The Same Publications That We Do
CNET, CSO, Dark Reading, eWeek

Report: 71 percent of orgs were successfully attacked in 2014
The number of successful cyber attacks against organizations is increasing, according to the 2015 Cyberthreat Defense Report from CyberEdge Group, which surveyed 814 IT security decision makers and practitioners from organizations in 19 industries across North America and Europe. Altogether, 71 percent of respondents said that their organization's global network was compromised by a successful cyber attack in 2014, a number that jumped from 62 percent the year prior, and 22 percent said that their organization experienced six or more successful attacks, according to the report.

Risk Awareness of Your Organization: Questions
- What are the key questions?
- What areas of the organization need to be included?
- How do you raise risk awareness?
- How do you develop the right questions for your organization?

Gap
- Knowledge: to what degree?
- Protection: what's expected?
- Response
- Suffering damage
- Timeliness

Motivators
- Increase in the number of computer security incidents being reported
- Increase in the number and type of organizations being affected by computer security incidents
- More focused awareness by organizations on the need for security policies and practices as part of their overall risk-management strategies
- New laws and regulations that impact how organizations are required to protect information assets
- Realization that systems and network administrators alone cannot protect organizational systems and assets

An efficient Incident Response Program allows an organization:
- Continuity
- Impacts
- Cost
- When
- Mitigate what
- Maintain what

3rd Party Contracts for Security Issues
- What should be stated
- Who is responsible
- Who is notified

Questions For Thought: What, When, How, Where, Why

Bank Secrecy Act Anti-Money Laundering Examination Manual
Determine the underlying cause of policy, procedure, or process deficiencies. These deficiencies can be the result of a number of factors, including, but not limited to, the following:
- Management has not assessed, or has not accurately assessed, the bank's risks.
- Management is unaware of relevant issues.
- Management is unwilling to create or enhance policies, procedures, and processes.
- Management or employees disregard established policies, procedures, and processes.
- Management or employees are unaware of or misunderstand regulatory requirements, policies, procedures, or processes.
- Higher-risk operations have grown faster than the capabilities of the compliance program.
- Changes in internal policies, procedures, and processes are poorly communicated.

Standards
Standards and Best Practices: ISO 2700 (Requirements), FFIEC, PCI DSS (Credit Card Processing), and so many more.
Maintaining: COBIT (Framework for IT Governance and Controls), ISO 27005 (Information Security Risk Management), ITIL (Framework: Identifying, planning, delivering, supporting IT for Business Functions).

ISO and Information Security
How You Can Use Each: 27001, 27002, 27003, 27004, 27005, 27006

SEC
The SEC's Office of Compliance Inspections and Examinations (OCIE) issued a risk alert notifying firms it will conduct IT security examinations of more than 50 registered broker-dealers and registered investment advisers. The Commission's jurisdiction in cyber security is focused on the integrity of market systems, customer data protection, and disclosure of material information.

FFIEC
The Financial Services sector is a primary target of cyber attacks. FFIEC just released new Guidance on Feb 5th entitled Strengthening the Resilience of Outsourced Technology Services. That Guidance notes, among other things, that cyber resilience covers aspects of BCM unique to disruptions caused by cyber events. FFIEC wants to see financial institutions incorporate cyber attack testing into their testing scenarios.

FFIEC "Outsourcing Technology Services Booklet"
Many financial institutions depend on third-party service providers to perform or support critical operations. These financial institutions should recognize that using such providers does not relieve the financial institution of its responsibility to ensure that outsourced activities are conducted in a safe and sound manner. The responsibility for properly overseeing outsourced relationships lies with the financial institution's board of directors and senior management. An effective third-party management program should provide the framework for management to identify, measure, monitor, and mitigate the risks associated with outsourcing.

What are the benefits of being in compliance with the PCI DSS?
- What is required?
- How do we know we are compliant?

What are the requirements for PCI DSS?
There are twelve requirements falling into four categories: Build, Protect, Maintain, Monitor.

Different Plans Sound Similar
- CIRP: Computer Incident Response Plan
- CSIRP: Cyber Security Incident Response Plan
- CSIRT: Cyber Security Incident Response Team

Why CSIRT
Security breaches and subsequent fraud are increasing in frequency and scale. While financial institutions, retailers, healthcare providers, and other targeted organizations are doing everything possible to remain one step ahead of cyber criminals, these incidents will likely continue to happen, putting sensitive information at risk. While you can't always prevent a breach, quick response can minimize reputation damage and financial impact. Proactive and timely account holder communication can help reduce costs, including those associated with increased call center activity, customer education, brand repair campaigns, regulatory compliance, and the expense of covering customer losses.

CSIRT Program
Information Security, Governance & Risk are all critical aspects of planning and execution of the Cyber Information Security Response Program. Who in your organization has key responsibility to develop a program?

3rd Party CSIRT Testing
- Types of Tests
- Simultaneous Testing

Cyber Response Getting Started
Program: Adopt a systematic approach.

Severity Levels

Gap Review Action Steps
- Review
- Establish Key Performance Indicators (KPI)

Integrate CSIRT into IS
- Integrate CSIRT
- Use common
- Build...

2013 Verizon Data Breach Investigations Report
In 2012, 66 percent of breaches that led to data compromise within days or less remained undiscovered for months or more. In 69 percent of the cases, a third party discovered the breach.

Attacks Are Not IF But WHEN
Many large companies are getting hacked: Anthem, Sony, and Target, to name just a few. The number of data breaches increased 27.5% in 2014. Measures against these types of security incidents are on the rise in companies.

Attacker Tools
Rootkits, Email Generators, Backdoors, and more

Feb 2015, Chinese hackers target US defense, finance firms after Forbes cyberattack
US cyber security firms say a Chinese espionage team hacked Forbes magazine to then attack defence contractors, financial firms and other unsuspecting prey visiting the popular news website. Invincea and iSIGHT Partners detailed what they described as a "watering hole" campaign late last year that took advantage of Forbes.com and other legitimate websites. "A Chinese advanced persistent threat compromised Forbes.com to set up a watering hole style web-based drive-by attack against US defence and financial services firms in late November 2014," Invincea said in a report posted on its website. The brazen attack took advantage of vulnerabilities in Adobe Flash and Internet Explorer software which have since been patched, according to Invincea.

February 13, 2015: Tennessee healthcare group notifies employees of payroll breach
Tennessee-based State of Franklin Healthcare Associates (SoFHA) has notified all employees that their personal information was accessed during a security breach at the company's third-party payroll vendor, and some of it has already been used to file fraudulent tax returns.
How many victims? All employees are being notified, and 20 to 25 have been affected.
What type of personal information? Employee payroll information, including W-2s.
What happened? SoFHA's third-party payroll vendor was breached, access was gained to SoFHA employee payroll information, and fraudulent tax returns were filed.
What was the response? SoFHA is working with national, state and local law enforcement to identify the perpetrators. SoFHA is notifying all employees, and is offering them a free year of identity theft protection services.
Details: SoFHA notified local authorities in early February. As of Thursday, between 20 and 25 employees have reported being victims of tax-related identity theft.
Quote: "We do know that the cyber attack was contained to only employee payroll information, and at no time was any patient data compromised," Richard Panek, CEO of SoFHA, was quoted as saying. The scam is that the criminals attempt to file for, and receive, a tax refund before the real person files.

More Every Day
Security breaches and subsequent fraud are increasing in frequency and scale.

Questions
- Getting Started
- Who's included
- Process Steps
- Now What

Risk
While financial institutions, retailers, healthcare providers, and other targeted organizations are doing everything possible to remain one step ahead of cyber criminals, these incidents will likely continue to happen, putting sensitive information at risk.

Quick Response
- Why?
- How?

Account Holder Communications
When, Why and What

Employee Mitigation
Auto Lock, Password Manager, Flash drives, and more

Quick Checklist to Mitigate
- Network
- Review
- Validate
- Conduct

CSIRT Phases
- What are they?
- How do they interconnect?

Mitigation for Social Engineering
How to mitigate penetration that results from it

CSIRT Program
Plan for managing playbooks for each of the different types of Cyber Security Incidents (a single worst-case plan does not work the way it does in Disaster Recovery).

Incident Management Goals and Vision
- What should be included in each?
- When is it updated?
- How is it written?

Analysis Methodology
- Identify
- References
- Research

Interviews and Training
- What's included?
- How specifically is it done?
- How often?

Development and Documentation
- How do I know which documentation I need?
- Where do I get the information?
- Who should help me?
- Passing an audit
- Making sure it works

Testing and Exercises
- Validate
- Types of Tests
- Are they good enough?

What's Needed: Cyber Security Incident Response Program
- What's included?
- What's a Program?
- What's a Plan?
- What's a Playbook?

Basics
Objective, Scope, Assumptions, Ownership, Action Steps, Structure

Incident
Incident vs. Event
- How do I know?
- What plans do I need for each?

Operation Sequencing
Initiation, Resolution, Termination

Look for Patterns
- I'm not technical; how can I do this?
- What are the Technical Teams saying?
- Who decides the patterns anyway?

REWI

Resilience Attribute
The risk awareness attribute measures the degree of risk understanding, as well as anticipation.
- What are the attributes?
- How well is the system protected?

Dr. Michael C. Redmond, PhD, MBCP, FBCI, CEM, PMP, MBA
Certified PECB ISO Instructor
International Consultant, Speaker and Author
SME: CSIRT and SIEM