Team 1 – Incident Response

Presentation transcript:

Team 1 – Incident Response
Team 1: Senior Acquisition Team to the Board of Directors and Senior Company Leadership for another major commercial retailer (Bullseye)
- How would you describe Target’s situation to your Board of Directors?
- How could you assure senior leadership that our company is in a better situation?
- What would you do with Target’s information to be proactive?
- How would you prove that you are secure enough?

1. How would you describe Bullseye’s situation to your Board of Directors?
BLUF: Hackers were able to access Target’s network and POS systems by compromising a third-party vendor with an infected email. The attackers found credentials for Target’s network on the vendor’s systems, which then allowed them to get into Target’s network. Target failed to respond to multiple warnings from its defenses. Because Target’s administrators failed to respond, the attackers were able to maintain access for over thirty days. That continued access allowed the exfiltration of over 110 million customers’ information (financial and personal), resulting in more than 200 million in cost to bank vendors.

2. How could you assure senior leadership that our company is in a better situation?
Based on our initial assessments, we are in a similar situation to Target. However, after analyzing the results of the assessment and receiving new funding, we are proactively taking steps to improve our security posture.

3. What would you do with Target’s information to be proactive?
- Train personnel.
- Aggressively assess our assets using a third-party company, both physically and against our systems.
- Compartmentalize systems to reduce vulnerability, i.e. POS, customer data centers, critical vs. non-critical systems.
- Improve security measures and vetting of third-party vendors.
- Establish better processes and procedures, including COOP, to reduce the impact of any breach so that operations can continue while the breach is mitigated.

4. How would you prove that you are secure enough?
- Negotiate with outside auditors to validate compliance.
- Conduct periodic cyber readiness inspections.
- Provide and review monthly intrusion detection reports and validate effectiveness of perimeter and inside defenses.
- Provide monthly personnel training reports to senior leadership for review.

Extra Homework

5. What is the best way to manage the risk of others interfacing with our network and systems?
- Require security certification and accreditation of third-party vendors.
- Isolate vendor traffic to sub-networks to provide defense-in-depth.

5. How should you control others on your network for access and authorization?
- Implement role-based security.
- Create roles for vendors with limited privileges.
- Ensure vendors comply with company password policies.
- Whitelist any approved vendor protocols and deny all else.
- Strict audit tracking and monitoring of all vendor traffic.

5. What should be required of vendors and sub-contractors to work with your systems?
- Training and awareness of the challenges of e-commerce.
- Establish interface standards.
- Detail the security processes that are in place for all interfaces (“passing certificates, etc.”).

5. How do you ensure proper training and certification of sub-contractors and vendors?
- Interface agreements will include training and company security certifications.
- Provide Bullseye-specific computer-based and available classroom training to ensure our security concerns are addressed.

Questions???