You’ve been hacked, now what? By Wild Wild West. Agenda Overview What we did do Alternative Solutions Best solution: CSIRT.

Presentation transcript:

You’ve been hacked, now what? By Wild Wild West

Agenda Overview What we did do Alternative Solutions Best solution: CSIRT

What we did do…
Technical Team
– Easy solution
– Patches/Updates
– Rebuilt

What we did do…
Business Team
– Senior management, legal, public relations
– Report incident to law enforcement/government agency
– Notify business partners and investors
– Decision

Downtime Cost per week (total $352,500):
– 2 Acoustic Engineers (consultant): $15,000
– Management (5 people): $25,000
– Non IT Staff (30 people): $62,500
– Delay in launch: $250,000

Solution Alternatives

Alternatives Considered
1. Hire outside consultants
2. Technology-based HW/SW solution
3. Computer Security Incident Response Team (CSIRT)

InfoSecurity Consulting Firm
– $20k - $200k+ depending on scope and deliverables
– Forensics-only approach likely to be inconclusive
– Expanded scope well beyond our budget
– Plus, likely to lead to further expenditures

Let Tech Solve the Problem?
Another wide spectrum of options…
A. Tier I enterprise class solution?
B. Homegrown Approach?
C. Something in between?
[Slide graphic labels: Tier I, Open Systems, Cisco, ca, Juniper, MacGyver]

What We Did Decide…
– Conduct Nessus scan of our network
– Plug all high and medium risk firewall vulnerabilities identified
– ADDED! open source IDS product for faster recognition of attempted attacks or successful exploits
But! We didn’t stop there…

Computer Security Incident Response Team (CSIRT) Disaster Recovery Style

Security Preparation: Prevention, Recovery
– Policies, Standards, Guidelines
– Physical Security
– Tech Security
– Employee Communication
– ?? Completely unknown ??
– ?? Didn’t we already spend that money ??

Computer Security Incident Response Team
Purpose
After a Major Security Incident: To be able to quickly and efficiently make and execute decisions that are the best for the organization

Computer Security Incident Response Team (CSIRT)
Roles
– Team manager and backup team manager
– Technical/Security expert
– Executive
– Legal expert
– PR specialist
– HR specialist

Computer Security Incident Response Team (CSIRT)
Roles Example:
– Team manager and backup team manager (IT Director, Sys Admin)
– Technical/Security expert (IT Director, Sys Admin)
– Executive (CEO)
– Legal expert (CEO)
– PR specialist (Marketing Director)
– HR specialist (HR Director)

Computer Security Incident Response Team (CSIRT)
Tasks
– Respond quickly to a Major Security Event.
– Analyze the incident
– Respond to the incident in the context of the organization as a whole
  – Law enforcement
  – Communications to employees
  – Legal obligations
  – Upstream, downstream and third party communication
  – Forensics

Computer Security Incident Response Team (CSIRT)
Benefits
– Monetary benefits
  – Know the real cost of what happened
  – Prevent wasted time/resources of employees – (calculation here)
– Psychological benefits
  – Keeps key players calmer
  – Keeps you from making (the wrong) decision
  – May help you save your job

Q & A