Presentation is loading. Please wait.

Presentation is loading. Please wait.

OC RIMS Cyber Safety & Security Incident Response.

Similar presentations


Presentation on theme: "OC RIMS Cyber Safety & Security Incident Response."— Presentation transcript:

1 OC RIMS Cyber Safety & Security Incident Response

2 Types of Cyber Events - Intrusion (external/internal) - Hackers Targeting Asset/Account Managers - Sexual Harassment - Termination - Workmen's Comp Claims - Theft of IP

3 Civil vs. Criminal Theft of Personal Data Theft of IP Stalking Cyber Impersonation Hacking Wire Tapping Child Pornography Look Familiar?

4 Preservation

5 Preserve Digital Evidence The most important thing to remember is to protect and preserve the evidence no matter what the final outcome! The most important thing to remember is to protect and preserve the evidence no matter what the final outcome! If you choose not to preserve the evidence now it may be altered or destroyed when you need it! If you choose not to preserve the evidence now it may be altered or destroyed when you need it!

6 What is Imaging? o Write blocked/protected o Bit-by-bit copy of the device o Verified o Proven and court accepted methodology o Different then Ghost or other file copying!!

7 Forensics What can it do for you? Clear and concise explanation of: Forensic copy of original evidence Forensic copy of original evidence Methodology used for examination Methodology used for examination Whether or not the date/time stamps are a reliable indicator Whether or not the date/time stamps are a reliable indicator What is slack and unallocated space What is slack and unallocated space How is data stored and recovered How is data stored and recovered

8

9

10

11 Deleting - Recycle Bin Artifacts - File systems - Recoverable

12 Anti-Forensics

13 Wiping

14 Monitoring o Third party o Offsite, appliance or application o Local

15 Encryption o Transmission (SSH) o User and Master Keys o Securing Your Keys o Whole Disk, Volume or File Level

16 Prevention #1 hacking tool = social engineering o Operating System Permissions o Logging of Data Access & Transfers (system wide/centralized/long term) (system wide/centralized/long term) o Monitoring o Restrict Web Browsing (browser) o Removable Media o Vulnerability Testing

17 Secure Wireless SSID SSID WEP/WAP WEP/WAP MAC Address MAC Address Wired Wired Air Card Air Card

18 Wireless

19 The “Cloud” Dangers and Risk Uncontrolled Access by Users Unsecured Access Internet Dependant

20 Cloud Tools and Tips Google/MSN Admin Controls Secure Computer/Connection Password Rules Backup Two-Factor Authentication

21 David McCain


Download ppt "OC RIMS Cyber Safety & Security Incident Response."

Similar presentations


Ads by Google