You’ve been hacked, now what? By Wild Wild West. Agenda Overview What we did do Alternative Solutions Best solution: CSIRT.


1 You’ve been hacked, now what? By Wild Wild West

2 Agenda Overview What we did do Alternative Solutions Best solution: CSIRT

3 What we did do… Technical Team
– Easy solution
– Patches/Updates
– Rebuilt

4 What we did do… Business Team
– Senior management, legal, public relations
– Report incident to law enforcement/government agency
– Notify business partners and investors
– Decision

5 Downtime Cost per week (total $352,500):
– 2 Acoustic Engineers (consultant): $15,000
– Management (5 people): $25,000
– Non IT Staff (30 people): $62,500
– Delay in launch: $250,000

6 Solution Alternatives

7 Alternatives Considered
1. Hire outside consultants
2. Technology-based HW/SW solution
3. Computer Security Incident Response Team (CSIRT)

8 InfoSecurity Consulting Firm
– $20k - $200k+ depending on scope and deliverables
– Forensics-only approach likely to be inconclusive
– Expanded scope well beyond our budget
– Plus, likely to lead to further expenditures

9 Let Tech Solve the Problem? Another wide spectrum of options…

10 Let Tech Solve the Problem? Another wide spectrum of options…
A. Tier I enterprise class solution?
Tier I Cisco ca Juniper

11 Let Tech Solve the Problem? Another wide spectrum of options…
A. Tier I enterprise class solution?
B. Homegrown Approach?
Tier I Open Systems Cisco ca Juniper

12 Let Tech Solve the Problem? Another wide spectrum of options…
A. Tier I enterprise class solution?
B. Homegrown Approach?
Tier I Open Systems Cisco ca Juniper MacGyver

13 Let Tech Solve the Problem? Another wide spectrum of options…
A. Tier I enterprise class solution?
B. Homegrown Approach?
C. Something in between?
Tier I Open Systems Cisco ca Juniper MacGyver

14 What We Did Decide…
– Conduct Nessus scan of our network
– Plug all high and medium risk firewall vulnerabilities identified
– ADDED! open source IDS product for faster recognition of attempted attacks or successful exploits

15 What We Did Decide…
– Conduct Nessus scan of our network
– Plug all high and medium risk firewall vulnerabilities identified
– ADDED! open source IDS product for faster recognition of attempted attacks or successful exploits
But! We didn’t stop there…

16 Computer Security Incident Response Team (CSIRT) Disaster Recovery Style

17 Security Preparation Prevention Recovery Policies, Standards, Guidelines Physical Security Tech Security Employee Communication ?? Completely unknown ?? ?? Didn’t we already spend that money ??

18 Computer Security Incident Response Team Purpose
After a Major Security Incident: To be able to quickly and efficiently make and execute decisions that are the best for the organization

19 Computer Security Incident Response Team (CSIRT) Roles
– Team manager and backup team manager
– Technical/Security expert
– Executive
– Legal expert
– PR specialist
– HR specialist

20 Computer Security Incident Response Team (CSIRT) Roles Example:
– Team manager and backup team manager (IT Director, Sys Admin)
– Technical/Security expert (IT Director, Sys Admin)
– Executive (CEO)
– Legal expert (CEO)
– PR specialist (Marketing Director)
– HR specialist (HR Director)

21 Computer Security Incident Response Team (CSIRT) Tasks
– Respond quickly to a Major Security Event.
– Analyze the incident
– Respond to the incident in the context of the organization as a whole
    – Law enforcement
    – Communications to employees
    – Legal obligations
    – Upstream, downstream and third party communication
    – Forensics

22 Computer Security Incident Response Team (CSIRT) Benefits
– Monetary benefits
    – Know the real cost of what happened
    – Prevent wasted time/resources of employees
        – (calculation here)
– Psychological benefits
    – Keeps key players calmer
    – Keeps you from making (the wrong) decision
    – May help you save your job

23 Q & A

