Presentation is loading. Please wait.

Presentation is loading. Please wait.

Team 1 – Incident Response

Published byKerrie Skinner Modified over 6 years ago

Similar presentations

Presentation on theme: "Team 1 – Incident Response"— Presentation transcript:

1 Team 1 – Incident Response
Team 1: Senior Acquisition Team to the Board of Directors and Senior Company Leadership for another major commercial retailer (Bullseye) How would you describe Target’s situation to your Board of Directors? How could you assure senior leadership that our company is in a better situation? What would do with Target’s information to be proactive? How would you prove that you are secure enough?

2 1. How would you describe Bullseye’s situation to your Board of Directors?
BLUF: Hackers were able to access Target’s network and POS systems by compromising a third party vendor with an infected . The attackers were able to find credentials for Target’s network on the vendors systems which then allowed the attackers to get into Targets network. Target failed to respond to multiple warnings on their defenses. Due to the failed responses by Targets administrators attackers were able to maintain access for over thirty days. The continued access by attackers allowed the exfiltration of over 110 Million customers information (financial and personal) resulting in more than 200 million in cost to bank vendors.

3 2. 2.How could you assure senior leadership that our company is in a better situation?
Due to our initial assessments we are in a similar situation to Target. However after analyzing the results of the assessment and receiving new funding we are proactively taking steps to improve our security poster.

4 3. What would do with Target’s information to be proactive?
Train personnel Aggressively assess our assets using a third party company both physically and against our systems. Systems will be compartmentalized to reduce vulnerability. Ie. POS, customer data centers, critical vs non-critical systems. Improved security measures and vetting of third party vendors. Establish better processes and procedures including COOP to reduce the impact of any breach so that operation can continue to resume while the breech is mitigated.

5 4. How would you prove that you are secure enough?
Negotiate with outside Auditors to validate compliance. Conduct periodic cyber readiness inspections Provide and review monthly intrusion detection reports and validate effectiveness of perimeter and inside defenses. Provide monthly personnel training reports to senior leadership for review.

6 Extra Homework

7 Isolate vendor traffic to sub networks to provide defense-in-depth.
What is the best way to manage the risk of others interfacing with our network and systems? Require security certification and accreditation of third party vendors. Isolate vendor traffic to sub networks to provide defense-in-depth.

8 Implement role base security
5. How should you control others on your network for access and authorization? Implement role base security Create roles for vendors with limited privileges. Ensure vendors comply with company password policies. Whitelist any approved vendor protocols and deny all else. Strict audit tracking and monitoring of all vendor traffic.

9 Training and awareness challenges of e- commerce.
5. 5. What should be required of vendors and sub-contractors to work with your systems? Training and awareness challenges of e- commerce. Establish interface standards. Detaling security process that are in place for all interfaces. “passing certificates, etc.”

10 5. 5. 5. How do you ensure proper training and certification of sub-contractors and vendors?
Interface agreements will include training and company security certifications. Provide Bullseye specific computer based and available classroom training to ensure our security concerns are addressed

11 Questions???

Download ppt "Team 1 – Incident Response"

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network security policy: best practices

Network security policy: best practices
Introduction to Network Defense

Introduction to Network Defense
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
FIVE STEPS TO REDUCE THE RISK OF CYBERCRIME TO YOUR BUSINESS.

FIVE STEPS TO REDUCE THE RISK OF CYBERCRIME TO YOUR BUSINESS.

Similar presentations

Ads by Google