Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Disaster Recovery Plan. What is a Disaster Recovery Plan? A documented plan designed to maintain normal day to day operations in the event.

Published byStanley West Modified over 8 years ago

Similar presentations

Presentation on theme: "Cybersecurity Disaster Recovery Plan. What is a Disaster Recovery Plan? A documented plan designed to maintain normal day to day operations in the event."— Presentation transcript:

1 Cybersecurity Disaster Recovery Plan

2 What is a Disaster Recovery Plan? A documented plan designed to maintain normal day to day operations in the event of a disaster that affects an organization’s IT infrastructure. A Disaster Recovery Plan (DRP) tells the employees and members of the organization what to do in case of an IT emergency. The DRP is an integral part of a company’s Business Continuity Plan. A DRP often defines key IT assets, threats, and disaster scenarios. A DRP should be used to preserve a company’s confidentiality, integrity and availability.

3 Why should all companies have a Disaster recovery plan in place? To reduce the amount of damage the company sustains from a disaster. To prepare and educate the workers or organization for a disaster. To inform employees and members of disaster protocols. To reduce the amount of decision making done in the midst of a disaster. To drastically reduce the risk of delays and interruptions in business operations.

4 What should be included in a Disaster Recovery plan? An updated recall roster that includes employees’ names, contact information, and position in the company. A detailed chart that defines each employees’ role if a disaster were to occur. A detailed step-by-step disaster recovery script. A documented, up-to-date risk assessment outlining the elements needed in order to ensure maintenance of the company’s daily operations (this should also include a current network diagram). A detailed list of vendors that includes contact information. A list of any back up sites such as Hot sites, Warm sites and Cold sites.

5  What it is:  The Stuxnet virus is labeled the most complex weapon in cyber warfare to date. Norton Symantec stated “It’s like nothing we’ve seen before – both in what it does, and how it came to exist. It is the first computer virus to be able to wreak havoc in the physical world (The Stuxnet Worm, 2011).”  How it works:  A form of malware, or malicious software, that has over 1500 lines of code embedded in it, the Stuxnet worm has the ability to infect computer systems with a Microsoft Windows operating system, lying undetected and replicating itself until it finds its true target. After the worm’s target is acquired it causes the targeted equipment to raise its rate of rotation per minute to a dangerously high speed, consequently causing the target to rip itself apart.  The threat:  This worm is most dangerous because of its ability to break the target’s integrity by making the control software report false positives and causing the equipment to appear as though it is working correctly.

6  Target: PLC device and software located in a specific device on a standalone network at the Iranian nuclear facilities.  OS systems affected: Windows OS and software made by Siemens that controlled the RPM of hardware in the nuclear facilities.  How it worked: Raised the speed of rotations on the hardware, causing the rotors to spin extremely fast and eventually forcing the system to spiral out of control. As this was occurring, the worm began to complete the job it was designed to do by causing software checks to look as if the hardware was working properly and taking over the controls for the system kill switch.  Access point: Someone at the facility placed an infected USB flash drive into a computer on the stand alone network.

7 The Stuxnet virus was spread to the stand alone network via USB flash drive and so the best way to prevent the virus from getting on the network would have been to disable the USB port on the computer itself. Three ways of disabling USB are: 1. Physically disabling the wire from the computers motherboard. 2. Disabling the USB using Microsoft. 3. Disabling the USB using a 3rd party software.

8 Physically disabling the wire from the computer’s motherboard through disconnection Disconnecting the USB wire from the motherboard would require the services of a skilled technician. A potentially time consuming process, depending on how many systems need to be disconnected, the computer may have to be down for some time and this would affect the system’s availability.

9 Physically disabling the wire from the computer’s motherboard through wire cutting Another way of physically disconnecting the USB from the motherboard is to cut the wires that connect the USB port to the motherboard. This method should also be done by a skilled technician to avoid cutting the wrong wire and corrupting the entire system.

10 Pros and Cons of Physically disabling the USB ports Pros The Stuxnet worm no longer has an entry point for the system. The USB can be reconnected and function just as before at a later time. Cons The trade in value of the system can be ruined. The system will be forced to use PS 2 mice and keyboard as its source of input.

11 Disabling the USB using Microsoft The following methods can be used to disable the USB using Microsoft : o Using the registry in Microsoft. o Using the group policy in Microsoft. o Disable from the bios.

12 Disabling the USB ports using the registry requires the services of a technician with vast knowledge of Microsoft’s operating system. Entering the wrong value during this process can change unaffected portions of the operating system thereby impeding the processing of the OS.

13 Granting or limiting access to USB ports requires having the rights of a systems administrator which include reading and writing rights to the group policy object editor. This is a fairly easy process but an updated access control list should be used to ensure the person being added requires having access to the level of permissions being granted.

14 This method results in decreased confidentiality and security as it allows anyone the ability to disable and enable the USB port as long as the bios do not require a password.

15 IceDeep, Inc. MYUSBONLY2014 3 RD Party software that protects against all USB cyber attacks. Blocks all USB ports except trusted USB storage devices. Logs all USB devices plugged into the system and logs what the USB is being used to do (i.e. uploading a document to the computer). Can run undetected or in plan sight to be used as a deterrence. http://www.myusbonly.com/usb- security-device-control/

16 NirSoft USBDEVIEW 3 rd party software that can disable and enable USB devices. Can obtain all information about a USB device that is plugged into a system that has USBDEVIEW on it (i.e. the USB device’s vender ID, Product ID, etc). Keeps track of the USB devices plugged into the system. Assists with digital forensics after a cybercrime is committed. Can also be used and accessed remotely. http://www.nirsoft.net/utils/usb_dev ices_view.html

17 3 rd party software that can provide detailed data forensics needed after a cyber attack. Gives right to groups to have access to USB ports and grants permissions based on an updated access control list and device whitelist. Can allow USB devices read-only access. Can be programmed to let users have USB access on a schedule by date and times. Permissions are still enforced if the system is off the network. Adds an extra layer of protection to defend against Malware. Provides media encryption. Runs detailed reports about access to data files. Monitors port access. Discovers what devices are attempting to access USB ports and where. https://www.lumension.com/device-control- software/usb-security-protection/overview.aspx

18 Pros and Cons of using 3 rd party software to disabling the USB ports Pros Seems easy to use. Software controls are usually easy to access. Generally saves time. User-friendly and take effect much sooner than manually disabling the USB port. Cons May come with its own set of vulnerabilities. Can be costly to a company; company should complete a risk assessment to see if it is worth the cost. The technician needs to be properly trained and that could cost the company man hours. Can be hacked and manipulated to perform malicious functions.

19 Disabling the USB ports is the best way to stop a Stuxnet virus from reaching a stand alone system. Depending on the size of the company I would use a 3 rd party software to disable the USB ports. They are less time consuming, and time is of the essence when working with a large company. The 3 rd party software I would use would be Lumension Device Control for the following reasons: It uses an access control list which keeps the confidentiality of system by not letting people with out proper permission access USB ports. The software can also control the availability of when people can have access to the USB ports on the system.

20 How can I prevent users from connecting to a USB storage device? (n.d.). Retrieved from http://support2.microsoft.com/kb/823732prevent usersdevice Solutions. (n.d.). Retrieved from http://www.myusbonly.com/usb-security- device-control/ The Stuxnet Worm. (n.d.). Retrieved from http://www.symantec.com/en/uk/theme.jsp?themeid=stuxnetsymantec USB storage devices: Two ways to stop the threat to network security. (n.d.). Retrieved from http://searchnetworking.techtarget.com/tip/USB-storage- devices-Two-ways-to-stop-the-threat-to-network-security USB storagenetwork security View any installed/connected USB device on your system. (n.d.). Retrieved from http://www.nirsoft.net/utils/usb_devices_view.html

Download ppt "Cybersecurity Disaster Recovery Plan. What is a Disaster Recovery Plan? A documented plan designed to maintain normal day to day operations in the event."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network security policy: best practices

Network security policy: best practices
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.

Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
November 2009 Network Disaster Recovery October 2014.

November 2009 Network Disaster Recovery October 2014.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
Stuart Cunningham - Computer Platforms - 2003 COMPUTER PLATFORMS Computer & Network Security & User Support & Training Week 11.

Stuart Cunningham - Computer Platforms COMPUTER PLATFORMS Computer & Network Security & User Support & Training Week 11.

Similar presentations

Ads by Google