Scenario Discussion.

Scenario 1 Company A holds contracts with DoD and the Department of State. Its HR Department begins to receive calls and emails about an email sent to Company employees announcing a software upgrade to the Company's HR application. Employees use the application to access their employment information, such as pay stubs and benefits details. The email advised employees that the upgrade required them to click a link in the email in order to download the updated software.

Scenario 1 (continued) Several employees reported to HR that, although they clicked the link to upgrade the software as the email instructed, the upgrade did not run properly and the application appeared not to update. HR does not report this issue to IT or anyone else. Other employees reported to IT that they installed the upgrade successfully, but that their machines have been running slowly ever since. IT opens a service ticket, but does not advise anyone else in the company.

Scenario 1 (continued) One of the affected employees is an administrative user with privileged access to multiple servers, including those containing CDI. This user pasted the link into his browser without reading it, bypassing SOP. At this point in the investigation, IT has confirmed malware on a database server known to contain CDI and has initiated the Incident Response Process. The Information Security Team has not detected any data exfiltration to date. IT now notifies Company A management. Company A spends two weeks determining the type of CDI potentially affected and reviewing its contracts.

Scenario 1 (continued) Questions to consider: What is the first event that could have been a "cyber event"? How did the Company's internal reporting process work? How well did users comply with NIST standards? Did the Company have appropriate system monitoring? How prepared was Company A? How should Company A have conducted the investigation? When should it have notified DoD? What other regulatory notification obligations may be in play?

Scenario 1 (continued) Right before the Company notifies DoD, the FBI visits the Company and delivers a victim notification letter. On the same day, an employee receives a voicemail from a cybersecurity blogger who states that he has become aware of an apparent ongoing hack at the Company and would like to give the Company an opportunity to comment before he posts his story on Tuesday. The blogger's article is published and picked up by the media. Customers contact the Company. The Company hears through an employee that a subcontractor working on creating CDI has also been experiencing system problems. The Company contacts the subcontractor, who assures them that there is nothing to worry about because they are using the cloud.

Scenario 1 (continued) Questions to consider: What role does law enforcement play? When should they be involved? How should a company react to outside players like the blogger? Does that contact need to be disclosed to DoD? How does the Company deal with customers? How does the Company deal with subcontractors? Did the subcontract have appropriate flow-down language? What issues does use of the cloud introduce?

Scenario 1 Complication On Sunday evening, a Company admin employee receives an email from an unknown address stating that all files in the database that stores CDI are encrypted. The email further advises that decryption is only possible with a private key and a decryption program, located on the sender's secret server. To receive the private key, the sender demands the equivalent of $10,000, paid in Bitcoin, by Monday morning at 9 AM. Now what happens?