PREPARE YOUR INCIDENT RESPONSE TEAM

Similar documents
DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?

WRITTEN TESTIMONY OF

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Cybersecurity. Are you prepared?

Collateral Effects of Cyberwar

DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?

RETHINKING CYBER SECURITY Changing the Business Conversation

Network Support. Technical Certificate. Program Outcomes: FOUNDATION COURSES. 1 of 7

Understanding the Business Risk

2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Who s Doing the Hacking?

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown

Cyber Security. John Leek Chief Strategist

Logging In: Auditing Cybersecurity in an Unsecure World

NIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin, MoFo

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Lessons from Defending Cyberspace

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS

Combating a new generation of cybercriminal with in-depth security monitoring

Cyber Liability Insurance

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

KEY STEPS FOLLOWING A DATA BREACH

Department of Homeland Security

Security Intelligence

Identifying Cyber Risks and How they Impact Your Business

Rashmi Knowles Chief Security Architect EMEA

Cybersecurity y Managing g the Risks

Common Data Breach Threats Facing Financial Institutions

Best Practices to Improve Breach Readiness

The webinar will begin shortly

U. S. Attorney Office Northern District of Texas March 2013

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

TUSKEGEE CYBER SECURITY PATH FORWARD

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Security and Privacy

Overcoming Five Critical Cybersecurity Gaps

Incident Response. Six Best Practices for Managing Cyber Breaches.

Cybersecurity Vulnerability Management:

CGI Cyber Risk Advisory and Management Services for Insurers

Staying Ahead of the Cyber Security Game. Nigel Tan ASEAN Technical Leader IBM Security

Cyber Security for the Private Sector: What Companies and Their Lawyers Need to Know

Protect Your Universe with ArcSight

THE WORLD IS MOVING FAST, SECURITY FASTER.

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

CFO Changing the CFO Mindset on Cybersecurity

After the Attack. The Transformation of EMC Security Operations

Working with the FBI

Fight fire with fire when protecting sensitive data

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY

The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era

Remarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014

Testing the Security of your Applications

CYBERSECURITY INVESTIGATIONS

Mitigating and managing cyber risk: ten issues to consider

How to Reduce Web Vulnerability Scanning Times

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Sponsored by. A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Aggressive and Persistent: Using Frameworks to Defend Against Cyber Attacks

HP NonStop Server Security and HP ArcSight SIEM

Advanced Threats: The New World Order

Course Content Summary ITN 267 Legal Topics in Network Security (3 Credits)

Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

Perspectives on Cybersecurity and Its Legal Implications

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Combating Cyber Risk in the Supply Chain

CyberArk Privileged Threat Analytics. Solution Brief

The Importance of Cyber Threat Intelligence to a Strong Security Posture

3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.

An New Approach to Security. Chris Ellis McAfee Senior System Engineer

Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC

things you haven t done to protect your business from cybercrime

Re-Imagining the Cyber Warrior of the Future

Transcription:

PREPARE YOUR INCIDENT RESPONSE TEAM JUNE 2015 Michael Harrington, Fidelis Cybersecurity

It s a big problem... The ongoing cyber-thefts from The scale of international theft the In networks 2013, the of average public cost and of American intellectual property private of cybercrime organizations, was $11.56M, including (IP) is unprecedented - hundreds Fortune with a single 500 companies, attack taking an of billions of dollars per year, on represent average of the 32 greatest days and transfer over of the order of the size of U.S. wealth $1M to in resolve. human history. exports to Asia. General 2013 Keith Cost Alexander, of Cyber US Crime Army Study, (ret), Director Ponemon of Institute the National Security Agency, Chief of the Central The Security IP Commission Service, Commander Report of the United States Cyber Command

With no easy answers... FIREWALL AV, NETWORK DLP INTRUSION PREVENTION NETWORK SECURITY ANALYTICS NETWORK-CONNECTED MALWARE DETECTION

Critical Questions Overview Incident Response Expectations Before an Incident Happens Identify the teams of fully authorized key players What Really Happens How Did You Respond Recovery Conclusion & Questions

Critical Questions You have been BREACHED now what? Fidelis Proprietary information

Critical Questions You have been BREACHED now what? Who should be involved, who should not? Fidelis Proprietary information

Critical Questions You have been BREACHED now what? Who should be involved, who should not? Have you TRAINED for this? Fidelis Proprietary information

Critical Questions You have been BREACHED now what? Who should be involved, who should not? Have you TRAINED for this? What are the FIRST steps and actions? Fidelis Proprietary information

Critical Questions You have been BREACHED now what? Who should be involved, who should not? Have you TRAINED for this? What are the FIRST steps and actions? Do you know your ROLE? Fidelis Proprietary information

Critical Questions You have been BREACHED now what? Who should be involved, who should not? Have you TRAINED for this? What are the FIRST steps and actions? Do you know your ROLE? How do you handle EVIDENCE? Fidelis Proprietary information

I.R. Expectations Notification and Identification

I.R. Expectations Notification and Identification Classification: Is this a MAJOR or MINOR incident?

I.R. Expectations Notification and Identification. Classification: Is this a MAJOR or MINOR incident? Know the I.R. TEAM: The People needed to respond.

I.R. Expectations Notification and Identification. Classification: Is this a MAJOR or MINOR incident? Know the I.R. TEAM: The People needed to respond. Know the Processes and Procedures & Legal and Regulatory Requirements.

I.R. Expectations Notification and Identification. Classification: Is this a MAJOR or MINOR incident? Know the I.R. TEAM: The People needed to respond. Know the Processes and Procedures & Legal and Regulatory Requirements. 3 rd Party I.R. Teams and Partners

Before an Incident Identify the team of fully authorized key players

Before an Incident Identify the team of fully authorized key players Know Everyone's Roles and Responsibilities

Before an Incident Identify the team of fully authorized key players Know Everyone's Roles and Responsibilities Have Executive and Legal Support for the I.R. Plan

Identify the Teams of Fully Authorized Players Leadership Team

Identify the Teams of Fully Authorized Players Leadership Team Legal Team

Identify the Teams of Fully Authorized Players Leadership Team Legal Team Security Operations Team

Identify the Teams of Fully Authorized Players Leadership Team Legal Team Security Operations Team Forensics Team

Identify the Teams of Fully Authorized Players Leadership Team Legal Team Security Operations Team Forensics Team Data Analysis Team

Before an Incident TRAIN --- TRAIN --- TRAIN

Before an Incident TRAIN --- TRAIN --- TRAIN *** TRAIN as a TEAM ***

Before an Incident TRAIN --- TRAIN --- TRAIN *** TRAIN as a TEAM *** TEST Processes and Procedures

Before an Incident Test Your I.R. Plan > DRILL Know Everyone's Roles and Responsibilities Have Executive and Legal Support for the I.R. Plan

What Really Happens

What Really Happens It is like a Circus!

What Really Happens Critical DATA is LOST! Evidence about the Intrusion could be DELETED!

What Really Happens Attempts are made to limit DAMAGE so the business can run.

What Really Happens Attempts are made to limit DAMAGE so the business can run. A BALANCE must be made between I.R. and the Business!

How Did You Respond?

How Did You Respond? TO: Heartbleed?

How Did You Respond? TO: ShellShock?

How Did You Respond Most organizations were scrambling around.

How Did You Respond Most organizations were scrambling around. If your security staff responded quickly and efficiently then I commend you.

How Did You Respond Most organizations were scrambling around. If your security staff responded quickly and efficiently then I commend you. What I saw in a number of companies was chaos!

How Did You Respond Most organizations were scrambling around. If your security staff responded quickly and efficiently then I commend you. What I saw in a number of companies was chaos! If you TRAINED as a TEAM and everyone knew what to do, then your 1000% better prepared than most organizations.

Keys for Breach Preparedness Plan Train Drill Repeat

Recovery Fixed it or did we really? We have seen 2 nd and 3 rd breaches on the same customer These were probably the same attackers hiding in wait and then they came back out.

We Know How To Eliminate Online Risk

`

QUESTIONS? THANK YOU Michael Harrington Michael.harrington@fidelissecurity.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information