Joe, Larry, Josh, Susan, Mary, & Ken


Team 3 – Incident Response
Team 3 is the senior IT Operations team that owns Target’s Security Operations Center (SOC). Focus: incident response and operations.
Team 3: Cybersecurity Risk Management of Incident Response
1. How would you describe your current processes for incident response?
2. What do you want to change in your incident response plans and processes?
3. What exercises do you want to conduct going forward?
4. How do you plan to work with others to ensure that you can better respond and recover?

Target’s multiple layers of protection
Target has multiple layers of protection in place: firewalls, malware detection, intrusion detection, intrusion prevention, and data loss prevention tools.
Target was certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS) in September 2013.

Target Incidents Timeline

1. How would you describe your current processes for incident response?
Target’s current processes failed to respond to incidents:
Failed to respond to multiple automated warnings from the company’s anti-intrusion software.
Failed to respond to Symantec software identifying malicious activity.
Failed to respond to multiple FireEye alerts.
Failed to respond to the infiltration, owing to improper isolation of its most sensitive network assets.

2. What do you want to change in your incident response plans and processes?
Replace static tools with continuous monitoring.
Implement multifactor authentication and use whitelisting.
Harden systems and accounts, and eliminate or alter unneeded default accounts.
Analyze false positive and false negative reporting in more detail, and analyze the location of credentialed users in the network.
Separate sensitive network assets from suppliers and vendors, and install strong firewalls between Target’s internal systems and the outside Internet.
Share threat information with partners and encourage collaboration with the community.
Properly report unknown security incidents to the U.S. Computer Emergency Readiness Team (US-CERT).

3. What exercises do you want to conduct going forward?
Phishing emails.
Malicious attachments.
Malware attacks.
Penetration tests, password and other suspicious requests.
Whitelist and blacklist.
Unauthorized computers and devices on the network.

4. How do you plan to work with others to ensure that you can better respond and recover?
Coordinate incident response activities with the organization’s contingency planning activities.
Collaborate with others to implement incident response that includes preparation, detection and analysis, containment, eradication, and recovery.
Train and practice incident response exercises.
Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and exercises, and implement the resulting changes accordingly.

Team 5: Senior Corporate Operations Group
What is the best way to manage the risk of others interfacing with our network and systems? Identify, segregate, and monitor.
How should you control others on your network for access and authorization? Two-factor authentication and least privilege.
What should be required of vendors and subcontractors to work with your systems? Restrict based on PPS/DAPE. Require signed AUPs/SLAs for cybersecurity.
How do you ensure proper training and certification of subcontractors and vendors? Develop a standard. Tie it to contract awards/renewals and performance reviews. Continuously monitor.

Back Up
Steps for successful incident response exercises:
Design and plan the exercise around a real-world scenario.
Establish the exercise objectives and identify participants.
Define success criteria to judge the exercise’s performance.
Brief the facilitator, scribe, and judging panel in advance.
Evaluate your exercise’s performance in a hotwash.
Capture recommendations in an after-action report.