Being Proactive and Less Reactive in Security Operations and Cyber Attack Response Christina Raftery, MCSE, CISSP FBI Los Angeles Field Office
Learning Points
- Creating and maintaining a security policy baseline
- The importance of security preparedness and response techniques
- Overall structure and education of the Security Operations Center
Break Down: Security Policy
- Customize for your organization; do not borrow from elsewhere
- Create a policy to enable accountability: it has to have teeth
- Easy to comprehend
- Security operations staff and policy: allow staff to provide input to policy. This creates a full understanding and becomes a product the staff is passionate about.
Break Down: Preparedness
- Impossible to prevent, so be prepared
- Not just another plan!
- How do you document and store your plan?
- How do you truly test your plan, and why spend the time and resources?
Break Down: Security Operations Structure
- Distribute resources
- Create a lab environment: encourage creativity and use the lab to educate
- Keep politics out!
- Top heavy: keep senior management apprised of situations, but do not give them too much information, and ensure you speak their language (no jargon)
Break Down: Security Operations Structure
- Security Operations Center staff: educate personnel
- Pay the price to either educate or pay the salary for the best of the best
- Create an environment conducive to threat awareness
- Communicate with your peers, other organizations, federal partners, academia, etc.
- Learn what you're up against
Viruses and Malware Today
- What are we up against? Industrial and military espionage, foreign governments, criminal organizations
- Malware evolved: undermines security measures, disables anti-virus, connects from within your network to remote command and control servers
- Malware design: cognizant of digital forensics techniques, encodes and conceals network traffic, minimizes traces left on the file system
Response Techniques
- Containment: simple, right? You want to contain without hindering any potential investigation
- Preservation: to understand the attack, malware forensics must be deployed
- Forensic examination: pay for the tools; preserve volatile data and logs
- Dynamic processes: most likely, no two responses will be the same
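The preservation point above (capture volatile data and logs in a way that does not hinder the investigation) is easier to test than to describe. The following is an added illustration, not code from the presentation or from the FBI: a small Python evidence-manifest tool that orders collected artifacts most-volatile-first, records a SHA-256 hash and size for each one at collection time, and later verifies that nothing was altered or lost. The artifact names, kinds, contents and the analyst name are constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

# Order of volatility, most volatile first. Anything collected later in an
# incident should come from the bottom of this list; memory and live network
# state change the moment containment actions are taken.
VOLATILITY_ORDER = [
    "memory",
    "network_connections",
    "running_processes",
    "logs",
    "disk_image",
]

# Constructed sample artifacts: name -> (kind, raw bytes). In a real response
# these would be the captured files; the contents here are placeholders.
ARTIFACTS = {
    "proc_list.txt": ("running_processes", b"PID 4321  svchost.exe  (parent 612)\n"),
    "netstat.txt": ("network_connections", b"tcp 10.0.0.5:49152 -> 203.0.113.7:443 ESTABLISHED\n"),
    "mem.raw": ("memory", b"\x00\x01\x02\x03" * 64),
    "security.evtx": ("logs", b"constructed event log bytes\n"),
}


def hash_artifact(data: bytes) -> str:
    """Return the hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def collection_order(artifacts: dict) -> list:
    """Artifact names sorted most-volatile first; unknown kinds sort last."""
    def rank(item):
        name, (kind, _data) = item
        idx = VOLATILITY_ORDER.index(kind) if kind in VOLATILITY_ORDER else len(VOLATILITY_ORDER)
        return (idx, name)
    return [name for name, _ in sorted(artifacts.items(), key=rank)]


def build_manifest(artifacts: dict, collected_by: str, when: datetime = None) -> dict:
    """Record who collected what, when, and the hash of each artifact.

    The manifest is what lets an examiner show later that the preserved
    data is the data that was actually collected during the response.
    """
    when = when or datetime.now(timezone.utc)
    entries = []
    for name in collection_order(artifacts):
        kind, data = artifacts[name]
        entries.append({
            "name": name,
            "kind": kind,
            "size": len(data),
            "sha256": hash_artifact(data),
        })
    return {
        "collected_by": collected_by,
        "collected_at": when.isoformat(),
        "entries": entries,
    }


def verify_manifest(manifest: dict, artifacts: dict) -> list:
    """Return the names of artifacts that are missing or whose hash changed.

    An empty list means every preserved artifact still matches the manifest.
    """
    problems = []
    for entry in manifest["entries"]:
        name = entry["name"]
        if name not in artifacts:
            problems.append(name)
            continue
        _kind, data = artifacts[name]
        if hash_artifact(data) != entry["sha256"] or len(data) != entry["size"]:
            problems.append(name)
    return problems


if __name__ == "__main__":
    manifest = build_manifest(ARTIFACTS, collected_by="analyst-01")
    print(json.dumps(manifest, indent=2))
    print("verification problems:", verify_manifest(manifest, ARTIFACTS))
```

Because the manifest stores a hash and size rather than the artifact itself, it can be kept separately from the evidence store and used to detect a modified or missing artifact long after collection; the volatility ordering is also a checklist for the responder of what to capture before containment actions change it.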
Conclusion
- Policy and preparedness
- Personnel and structure
- Tools and techniques
Q&A
Thank you
Christina Raftery, MCSE, CISSP, FBI Los Angeles Field Office