Being Proactive and Less Reactive in Security Operations and Cyber Attack Response. Christina Raftery, MCSE, CISSP, FBI Los Angeles Field Office.

Learning Points
- Creating and Maintaining a Security Policy Baseline.
- The Importance of Security Preparedness and Response Techniques.
- Overall Structure and Education of the Security Operations Center.

Break Down: Security Policy
- Customize for your organization; do not borrow from elsewhere.
- Create a policy to enable accountability. It has to have teeth.
- Easy to comprehend.
Security Operations Staff and Policy
- Allow staff to provide input to policy. This creates a full understanding, and the policy becomes a product staff is passionate about.

Break Down: Preparedness
- Impossible to prevent, so be prepared.
- Not just another plan!
- How do you document and store your plan?
- How do you truly test your plan, and why spend the time and resources?

Break Down: Security Operations Structure
- Distribute resources.
- Create a lab environment: encourage creativity; use the lab to educate.
- Keep politics out!
- Top heavy: keep senior management apprised of situations, but do not give them too much information, and ensure you speak their language (no jargon).

Break Down: Security Operations Structure
Security Operations Center Staff
- Educate personnel: pay the price to either educate or pay the salary for the best of the best.
- Create an environment conducive to threat awareness.
- Communicate with your peers, other organizations, federal partners, academia, etc.
- Learn what you're up against.

Viruses and Malware Today
What are we up against?
- Industrial and military espionage
- Foreign governments
- Criminal organizations
Malware Evolved
- Undermines security measures
- Disables anti-virus
- Connects from within your network to remote command and control servers
Malware Design
- Cognizant of digital forensics techniques
- Encodes and conceals network traffic
- Minimizes traces left on the file system
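The slide's point that modern malware connects outward from inside the network to remote command and control servers is, from the defender's side, a detection opportunity: an internal host that contacts one external address at regular intervals stands out in firewall or proxy logs even when the payload is encoded. The following Python script is an added example, not part of the presentation, that runs a simple beaconing check over a few constructed log lines (timestamp, source, destination, destination port). The internal address ranges, the five-connection minimum and the 20% jitter threshold are assumptions to be tuned for a real environment.

```python
"""Beaconing check over constructed firewall log lines (added example, not from the presentation)."""
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <src> <dst> <dst port>" per line.
# 10.1.2.15 talks to 203.0.113.7 exactly once a minute (beacon-like);
# the other flows are irregular or stay inside the network.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.1.2.15 203.0.113.7 443
2024-03-01T10:00:05 10.1.2.15 198.51.100.20 443
2024-03-01T10:01:00 10.1.2.15 203.0.113.7 443
2024-03-01T10:01:40 10.1.2.99 198.51.100.8 80
2024-03-01T10:02:00 10.1.2.15 203.0.113.7 443
2024-03-01T10:02:30 10.1.2.15 10.1.2.20 445
2024-03-01T10:03:00 10.1.2.15 203.0.113.7 443
2024-03-01T10:04:00 10.1.2.15 203.0.113.7 443
2024-03-01T10:05:00 10.1.2.15 203.0.113.7 443
2024-03-01T10:07:10 10.1.2.99 198.51.100.8 80
2024-03-01T10:09:55 10.1.2.99 198.51.100.8 80
"""

# Assumed internal address space (RFC 1918); adjust to the real environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_log(text: str):
    """Return a list of (timestamp, src, dst, dport) tuples; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return events


def find_beacons(events, min_connections: int = 5, max_jitter: float = 0.2):
    """Flag internal->external pairs whose connection spacing is too regular.

    jitter = population stdev of the gaps / mean gap; 0.0 means perfectly periodic.
    Both thresholds are assumptions for this example.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        if is_internal(src) and not is_internal(dst):
            by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(stamps, stamps[1:])]
        mean_gap = statistics.fmean(gaps)
        if mean_gap <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean_gap
        if jitter <= max_jitter:
            findings.append({"src": src, "dst": dst, "count": len(stamps),
                             "mean_interval": mean_gap, "jitter": jitter})
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon {f['src']} -> {f['dst']}: {f['count']} connections, "
              f"every {f['mean_interval']:.0f}s, jitter {f['jitter']:.2f}")
```

In production the jitter threshold and the minimum connection count are what decide the false-positive rate: many legitimate agents (update checks, monitoring probes) also call home on a schedule, so run the check per time window and maintain an allow list of known destinations before treating a hit as an incident.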

Response Techniques
- Containment: simple, right? You want to contain without hindering any potential investigation.
- Preservation: to understand the attack, malware forensics must be deployed.
- Forensic Examination: pay for the tools. Preservation of volatile data and logs.
- Dynamic Processes: most likely, no two responses will be the same.
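The preservation step on this slide (capture volatile data and logs without hindering the investigation) is usually carried out as copy, hash, then verify, so that anything examined later can be shown to match what was collected. The Python script below is an added example and not part of the presentation: it copies constructed sample log files into an evidence directory, writes a SHA-256 manifest recording collector and collection time, and re-verifies the copies, showing how a later modification of one copy is detected. The file names, the collector identity and the directory layout are assumptions made for the example.

```python
"""Log and file preservation with a SHA-256 manifest (added example, not from the presentation)."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

MANIFEST_NAME = "manifest.json"


def sha256_file(path: str) -> str:
    """Stream the file so large logs or memory images do not have to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve(source_paths, evidence_dir: str, collector: str) -> dict:
    """Copy each source into evidence_dir, hash source and copy, and write a manifest.

    copy2 keeps the original mtime because timestamps feed the timeline; each copy is
    re-hashed so a bad copy is caught at collection time rather than during analysis.
    """
    os.makedirs(evidence_dir, exist_ok=True)
    items = []
    for index, src in enumerate(source_paths):
        stored_as = f"{index:03d}_{os.path.basename(src)}"  # prefix avoids name collisions
        dest = os.path.join(evidence_dir, stored_as)
        shutil.copy2(src, dest)
        src_hash, dest_hash = sha256_file(src), sha256_file(dest)
        if src_hash != dest_hash:
            raise RuntimeError(f"copy of {src} does not match its source")
        items.append({
            "source": src,
            "stored_as": stored_as,
            "sha256": dest_hash,
            "size": os.path.getsize(dest),
            "source_mtime": datetime.fromtimestamp(os.path.getmtime(src), timezone.utc).isoformat(),
        })
    manifest = {
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "items": items,
    }
    with open(os.path.join(evidence_dir, MANIFEST_NAME), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def verify(evidence_dir: str) -> list:
    """Return the stored names whose current hash no longer matches the manifest."""
    with open(os.path.join(evidence_dir, MANIFEST_NAME), encoding="utf-8") as fh:
        manifest = json.load(fh)
    mismatched = []
    for item in manifest["items"]:
        path = os.path.join(evidence_dir, item["stored_as"])
        if not os.path.isfile(path) or sha256_file(path) != item["sha256"]:
            mismatched.append(item["stored_as"])
    return mismatched


def demo():
    """Constructed scenario: two sample logs are preserved, then one copy is altered."""
    work = tempfile.mkdtemp(prefix="preserve_demo_")
    try:
        log_dir = os.path.join(work, "var_log")
        os.makedirs(log_dir)
        # Constructed sample log contents; not real system output.
        samples = {
            "auth.log": "Mar  1 10:00:01 host sshd[4242]: Accepted publickey for ops from 10.1.2.15\n",
            "proxy.log": "2024-03-01T10:00:00 10.1.2.15 CONNECT 203.0.113.7:443\n",
        }
        sources = []
        for name, body in samples.items():
            path = os.path.join(log_dir, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            sources.append(path)

        evidence = os.path.join(work, "evidence")
        manifest = preserve(sources, evidence, collector="analyst@example.invalid (assumed)")
        before = verify(evidence)  # expected: []
        with open(os.path.join(evidence, "000_auth.log"), "a", encoding="utf-8") as fh:
            fh.write("tampered\n")  # simulate a later modification of the evidence copy
        after = verify(evidence)  # expected: ["000_auth.log"]
        return len(manifest["items"]), before, after
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The manifest is only as trustworthy as its own integrity, so in practice it is signed or stored on write-once media separately from the copies; volatile data (process lists, network connections, memory) goes through the same hash-and-record step immediately after capture, before the host is touched further.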

Conclusion
- Policy and Preparedness
- Personnel and Structure
- Tools and Techniques
Q&A
Thank you. Christina Raftery, MCSE, CISSP, FBI Los Angeles Field Office