Presentation is loading. Please wait.

Presentation is loading. Please wait.

Joe, Larry, Josh, Susan, Mary, & Ken

Published byKathryn Drusilla Preston Modified over 5 years ago

Similar presentations

Presentation on theme: "Joe, Larry, Josh, Susan, Mary, & Ken"— Presentation transcript:

1 Joe, Larry, Josh, Susan, Mary, & Ken

2 Team 3 – Incident Response
Team 3 is the senior IT Operations that owns Target’s Security Operation Center (SOC). Focus on Incident Response and Operations. Team 3: Cybersecurity Risk Management of Incident Response How would you describe your current processes for incident response? What do you want change in your incident response plans and processes? What exercises do you want to conduct going forward? How do you plan to work with others to ensure that you can better respond and recover?

3 Target’s multiple layers of protection
Target has multiple layers of protection in place: Firewalls, malware detection, intrusion detection, intrusion prevention, and data loss prevention tools. Target has certified as compliant with the Payment Card Industry Data Security Standards (PCI-DSS) in September 2013.

4 Target Incidents Timeline

5 Target current processes failed to respond to incidents:
1. How would you describe your current processes for incident response? Target current processes failed to respond to incidents: Failed to respond to multiple automated warnings from the company’s anti-intrusion software. Failed to respond to Symantec software identifying malicious activity. Failed to respond to multiple FireEye alerts. Failed to respond to infiltration due to improperly isolating its most sensitive network assets.

6 2. What do you want change in your incident response plans and processes?
Replace from static tool to continuously monitoring. Implement multifactor authentication and use white listing. Hardening systems and accounts, and elimination or alteration of unneeded default accounts. Analysis of false positive and false negative reporting in more detail and analysis of the location of credentialed users in the network. Separate sensitive network assets from suppliers and vendors, and install strong firewalls between Target’s internal systems and the outside Internet. Share threat information with partners and encourage collaboration with community. Properly report unknown security incident to the U.S. Computer Emergency Readiness Team (US-CERT).

7 3. What exercises do you want to conduct going forward?
Phishing s. Malicious attachments. Malware attack. Penetrations test, password and other suspicious requests. Whitelist and blacklist. Unauthorized computers and devices on network.

8 Training and practice incident response exercises.
4. How do you plan to work with others to ensure that you can better respond and recover? Coordinate incident response activities with organization’s contingency planning activities. Collaborate with others to implement incident response that includes preparation, detection and analysis, containment, eradication, and recovery. Training and practice incident response exercises. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and exercises, and implements the resulting changes accordingly.

9 Team 5: Senior Corporate Operations Group
What is the best way to manage the risk of others interfacing with our network and systems? Identify, Segregate and Monitor. How should you control others on your network for access and authorization? 2 Factor authentication and least privilege. What should be required of vendors and sub-contractors to work with your systems? Restrict based on PPS/DAPE. Require signed AUPs/SLAs for cybersecurity. How do you ensure proper training and certification of sub- contractors and vendors? Develop standard. Tie to contracts award/renewals and performance reviews. Continuously monitor.

10

11 Back Up Steps for success incident response exercises:
Design and plan exercise around a real-world scenario. Establish the exercise objectives and identify participants. Define success criteria to judge exercise’s performance. Brief the facilitator, scribe, and judging panel in advance. Evaluate your exercise’s performance in a Hotwash. Capture recommendations in an After-Action report.

Download ppt "Joe, Larry, Josh, Susan, Mary, & Ken"

Similar presentations

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security Controls – What Works

Security Controls – What Works
Kevin R Perry August 12, 2014. Part 1: High Level Changes & Clarifications.

Kevin R Perry August 12, Part 1: High Level Changes & Clarifications.
Controls for Information Security

Controls for Information Security
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network security policy: best practices

Network security policy: best practices
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Thursday, January 23, 2014 10:00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.

Thursday, January 23, :00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

Similar presentations

Ads by Google