Information Security Incident Response Primer

Presentation transcript:

Information Security Incident Response Primer. Presented by Lucas Walker & Lawrence Alderete

"I am responsible. Although I may not be able to prevent the worst from happening, I am responsible for my attitude toward the inevitable misfortunes that darken life. Bad things do happen; how I respond to them defines my character..." Walter "Bob" Inglis Anderson, American painter, writer, and naturalist

First, Some Basics: Defining the term 'Incident'

Incident: "An unplanned interruption to an IT service or reduction in the quality of an IT service." (ITIL® v3 Glossary)

Quality: "The ability of a product, service or process to provide the intended value." (ITIL® v3 Glossary)

Value Creation (ITIL® v3 Glossary): a service creates value only when it delivers both Utility and Warranty.
Utility (Fit for Purpose): the service performs adequately, or removes a constraint on the customer.
Warranty (Fit for Use): the service has continuous availability, and has enough capacity, and is secure.
Security is therefore one of the conditions of Warranty: a service that is not secure is not fit for use, and so does not deliver its intended value.

Therefore…

Information Security Incidents are ITIL Incidents. (Lucas Walker, Information Security & Privacy Office, University of New Mexico)

The Boring Stuff: Policy 2550, Section 2.7

UNM policy mandates that information security incidents be reported to ISPO: "All breaches of information security must be reported immediately to security@unm.edu." (University of New Mexico Administrative Policies and Procedures Manual, Policy 2550: Information Security)

More Boring Stuff: University of New Mexico Incident Management Program

Incident Management's Purpose: "The purpose of Incident Management is to direct the activities of UNM employees when responding to an Information Security Incident to ensure a timely and appropriate response to all Information Security Incidents." (University of New Mexico Incident Management Program)

Major vs. Minor Incident

Major Incidents: "Major incidents can involve highly sensitive data, can have a high impact, or can have the potential for high impact on institutional reputation, services, information, and operations. These types of incidents require the involvement of various UNM teams, internal and external, to assist in the response." (University of New Mexico Incident Management Program)

Major Incident Examples. Incidents involving:
- High-severity vulnerabilities as defined by the ISPO Vulnerability Management Program Component
- Compromised or exposed enterprise systems of record, especially those that result in extended outages (breaches)
- Systems that are conducting attacks against other UNM services or against the services of third parties
- Successful targeted social engineering, such as spear phishing
- Law enforcement agencies

Minor Incidents: "Minor incidents rarely have a significant impact on institutional services and operations. Often, minor incidents are isolated and/or not the result of targeted attacks. Furthermore, these types of incidents have a prescribed or known method of resolution, such as a patch installation, malware definition update, or configuration change. These types of incidents are generally resolved by following Standard Operating Procedures (SOPs)." (University of New Mexico Incident Management Program)

Minor Incident Examples. Incidents involving:
- Vulnerable UNM systems*
- Lost or stolen UNM devices*
- Compromised NetIDs sending phishing emails
- Compromised hosts participating in botnets
- Compromised websites (defacements)
* Where no sensitive data is at risk

Stages of Incident Response

Identify:
- Validate that an incident has occurred
- Determine the scope of the incident
Contain:
- Limit system access
- Create investigative copies of logs, data, media, etc.
Remove:
- Change passwords where appropriate
- Re-image systems and restore from backups
Restore:
- Bring services back up
- Monitor
Review:
- Identify the root cause and the service restoration steps taken
- Identify opportunities for improvement
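The Contain stage asks responders to create investigative copies of logs and data before anything is re-imaged or cleaned up. The point of that copy is that it can later be shown not to have changed. The script below is an added example, not code from the presentation or from UNM's Incident Management Program: it copies each log into an evidence directory, hashes the original and the copy with SHA-256, makes the copy read-only, records everything in a JSON manifest, and can re-verify the manifest during the Review stage. The log lines, the temporary paths and the case id "INC-0001" are constructed for the example.

```python
"""Added example: preserving investigative copies of logs during the Contain stage.

Each source file is copied into an evidence directory, hashed before and after
the copy, made read-only, and recorded in a JSON manifest so that the copies
can be re-verified later (Review stage). Paths, the case id and the log
contents are constructed for this example, not taken from a real incident.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample logs (not real UNM data); 203.0.113.0/24 is a documentation range.
CONSTRUCTED_AUTH_LOG = (
    "Mar 15 02:13:41 host1 sshd[4021]: Failed password for root from 203.0.113.7 port 51022 ssh2\n"
    "Mar 15 02:13:44 host1 sshd[4021]: Accepted password for svc_backup from 203.0.113.7 port 51022 ssh2\n"
)
CONSTRUCTED_ACCESS_LOG = (
    '203.0.113.7 - - [15/Mar/2016:02:15:02 -0600] "GET /wp-login.php HTTP/1.1" 200 1432\n'
)


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large logs do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_evidence(sources, evidence_dir: Path, case_id: str) -> dict:
    """Copy each source into evidence_dir, verify the copy, and write a manifest."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    items = []
    for src in map(Path, sources):
        original_hash = sha256_file(src)
        dest = evidence_dir / src.name
        shutil.copy2(src, dest)          # copy2 keeps the original mtime for the timeline
        copy_hash = sha256_file(dest)
        if copy_hash != original_hash:   # the copy must be bit-for-bit identical
            raise RuntimeError(f"copy of {src} does not match the original")
        os.chmod(dest, 0o440)            # read-only: evidence is never edited in place
        items.append({
            "source": str(src),
            "copy": str(dest),
            "sha256": copy_hash,
            "size": dest.stat().st_size,
        })
    manifest = {
        "case_id": case_id,              # hypothetical ticket id for the example
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "items": items,
    }
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_evidence(evidence_dir: Path) -> list:
    """Re-hash every preserved copy; return the copies whose hash no longer matches."""
    manifest = json.loads((evidence_dir / "manifest.json").read_text())
    return [
        item["copy"]
        for item in manifest["items"]
        if sha256_file(Path(item["copy"])) != item["sha256"]
    ]


def demo() -> tuple:
    """Preserve two constructed logs, verify them, then tamper with one and re-verify."""
    work = Path(tempfile.mkdtemp(prefix="ir-demo-"))
    logs = work / "logs"
    logs.mkdir()
    (logs / "auth.log").write_text(CONSTRUCTED_AUTH_LOG)
    (logs / "access.log").write_text(CONSTRUCTED_ACCESS_LOG)

    evidence = work / "evidence"
    manifest = preserve_evidence([logs / "auth.log", logs / "access.log"], evidence, "INC-0001")
    clean = verify_evidence(evidence)              # nothing has changed yet

    tampered_copy = evidence / "auth.log"
    os.chmod(tampered_copy, 0o640)                 # someone "helpfully" editing the copy
    with tampered_copy.open("a") as fh:
        fh.write("Mar 15 02:20:00 host1 sshd[4021]: edited after collection\n")
    changed = [Path(p).name for p in verify_evidence(evidence)]
    return len(manifest["items"]), clean, changed


if __name__ == "__main__":
    print(demo())
```

The manifest is what makes the copy usable as evidence: a reviewer, or law enforcement in a major incident, can re-run the verification and see that the hashes still match. In practice the manifest itself should also be hashed and stored separately from the evidence directory, and collection should happen before any password changes or re-imaging from the Remove stage.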

How do I report a potential Information Security Incident?
Minor Incidents:
- Security Mailbox (security@unm.edu)
- Help.UNM
- UNM IT Service Desk (7-5757)
Major Incidents:
- ISPO On-call (7-2497)
Anonymous Reporting:
- UNM Compliance Hotline (1-888-899-6092)
- UNM EthicsPoint
See https://ispo.unm.edu/contact-information.html for a complete list of contact methods.

Q and A: You ask questions, we'll answer them.

Contact Us: ispo.unm.edu