Responding to Intrusions

Responding to Intrusions By Nathaniel Robinson

Before an Intrusion Happens
- Create a CSIRT: what do they do, and who are they?
- Create an IRP: what is in the report?

What Does a CSIRT Do?
- A team or organization that provides services and support to others for the purpose of preventing, defending against, and responding to computer security incidents
- Provides security awareness training and technical documents for workers
- Responds to intrusions, or reviews an incident to determine the necessary actions to take
- Identifies and analyzes what has happened, including the impact and the threat

Who Are the CSIRT Core Staff?
- Manager or team lead
- Assistant managers, supervisors, group leaders
- Hotline, help desk
- Incident handlers
- Vulnerability handlers
- Forensic analysts

Creating an IRP
- Make initial assessments
- Communicate the incident
- Who to contact
- Contain damage and minimize risk
- Identify the type and severity of the compromise
- Protect evidence
- Create a log
- How to respond to an incident
- Assess incident damage and cost
- Review the response and update policies

Responding to an Incident: 6 Steps
1. Initiate the IRP
2. Engage vendors
3. Consider notifying law enforcement
4. Contact insurance carriers
5. Assess legal risks and obligations
6. Develop a communication plan

Initiate the IRP
- Initiating the IRP puts everyone into their respective place
- The plan should state who to communicate with and how to respond to the intrusion
- Having the plan in place makes responding to the intrusion easier and makes the response run more smoothly

Engage Vendors
- Engage vendors to protect evidence, conduct forensic analysis, and restore the network
- Most companies do not have the right resources or talent to respond to a sophisticated attack
- Most vendors specialize in security

Consider Notifying Law Enforcement
- Drawbacks and benefits
- If you choose to notify law enforcement, contact the FBI in your district
- The FBI will have the resources and people to conduct forensic analysis and respond to the intrusion
- Law enforcement will also have the jurisdiction to monitor whoever is attacking your network

Contact Insurance Carriers
- The U.S. insurance industry produced 1 billion in policies covering hacker attacks in 2014
- Identify coverage areas
- Document losses and response costs, which makes it easier to submit them for recovery

Assess Legal Risks and Obligations
- Identify protected and sensitive information
- Consider duties of confidentiality arising out of contract and common law
- This lets you determine whether and to whom breach notification must be given
- It also allows you to assess potential litigation risks and take steps to reduce those risks

Develop a Communication Plan
- Develop a communication plan for four different groups: the press, customers, the public, and government agencies
- Update the plan as needed
