Responding to Intrusions


1 Responding to Intrusions
By Nathaniel Robinson

2 Before an Intrusion Happens
Create a CSIRT
What do they do, and who are they?
Create an IRP
What is in the report?

3 What Does a CSIRT Do?
A team or an organization that provides services and support to other persons for the sake of preventing, defending against, and responding to computer security incidents.
Provides security awareness training and technical documents for workers
Responds to intrusions or examines an incident to determine the necessary actions to take
Identifies and analyzes what has happened, including the impact and the threat.

4 Who are the CSIRT Core Staff
Manager or team lead
Assistant managers, supervisors, group leaders
Hotline, help desk
Incident handlers
Vulnerability handlers
Forensic analysts

5 Creating an IRP
Make Initial Assessments
Communicate the Incident
Who to Contact
Contain Damage and Minimize Risk
Identify the Type and Severity of the Compromise
Protect Evidence
Create a log
How to respond to an incident
Assess incident damage and cost
Review the response and update policies

6 Responding to an Incident
6 Steps
Initiate the IRP
Engage vendors
Consider notifying law enforcement
Contact Insurance Carriers
Assess legal risks and obligations
Develop a communication plan

7 Initiate the IRP
Initiating the IRP puts everyone into their respective place
The plan should state who to communicate with and how to respond to the intrusion
Having the plan in place makes responding to the intrusion easier and makes responses run more smoothly.

8 Engage Vendors
Engage vendors to protect evidence, conduct forensic analysis, and restore the network
Most companies do not have the right resources or talent to respond to a sophisticated attack
Most vendors specialize in security

9 Consider Notifying Law Enforcement
Drawbacks and Benefits
If you choose to notify law enforcement, contact the FBI in your district
The FBI will have the resources and people to conduct forensic analysis and respond to the intrusion
Law enforcement will also have the jurisdiction to monitor whoever is attacking your network

10 Contact Insurance Carriers
The U.S. insurance industry produced 1 billion in policies covering hacker attacks in 2014.
Identify coverage areas
Document losses and response costs, which makes it easier to submit them for recovery

11 Assess Legal Risks and Obligations
Identify protected and sensitive information
Consider duties of confidentiality arising out of contract and common law
You will be able to determine whether and to whom breach notification must be given
This allows you to assess potential litigation risks and take steps to reduce those risks.

12 Develop a Communication Plan
Develop communication plans for four different groups: the press, customers, the public, and government agencies
Update the plan as needed
