Incident Handling and Response Breakout Overview


Recommendation I
NSF should fund a formal inter-site notification mechanism.
– Look to REN-ISAC or the computer security incident working group at I2 as models.
– Use it as a trusted clearinghouse for time-sensitive security information.
– Formalize a simple way to exchange data, i.e. not a complete IODEF/RFC.
– Set policy regarding information sharing requirements with NSF.

Recommendation II
Create a set of common Incident Response Procedures and training.
– Maybe based on a simplified version of NIST
– Have an incident response “playbook” available consisting of a short summary of what to do immediately after an attack.
– Establish training specifically designed for system administrators and site security personnel which focuses on incident response and basic forensic analysis.
– DOE has IPWAR (DOE M C, Incident Prevention, Warning, and Response).

Recommendation II (cont)
Details in implementing Recommendation II:
– Getting sites to agree to follow procedures.
– Security staff having authority to implement procedures.
– Conforming with site policies.
– Taxonomy of security: clarify “Incident”, “Event”, etc. to normalize usage in reporting.
– Identifying inter-site events: your compromise might affect me.
– Fire drills: practice, practice, practice.

Recommendation III
Fund a workshop designed to solve the “Small Facility” problem.
– Small facilities are an opportunistic threat to Large Facilities.
– Typical problems include lack of security staff and resources to deal with even simple problems.

Recommendation IV
Develop an agenda for increasing international security cooperation to support international science.
– How to respond to international security issues?
– Organize a workshop addressing the impact of security issues on global science.
– Invite I2, ESnet, FIRST and EU counterparts.

Recommendation V
Focus security efforts on high risk/impact threats.
– The nature of incidents is changing: more skilled attackers with greater resources, for example organized crime.
– Awareness of counter-intelligence attacks.
– Credential loss and the insider threat.
– DDoS hasn’t been much of an issue.

Recommendation VI
Develop Large Site Best Practices for 10+ Gig networks.
– How to monitor the data stream?
– Bulk recording.
– Host-based IDS.
– Dealing with asymmetric routing.
– Connection record storage and use for large data sets (> 1e9 records).
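The asymmetric-routing and connection-record points in Recommendation VI can be made concrete. The following is an added Python example, not code from the breakout or from any site: it stitches unidirectional flow records seen on two separate taps (outbound on one link, inbound on another) into bidirectional connection records, and flags connections that only one tap saw, which is the symptom of an uncaptured direction. The flow record fields, the 120-second idle gap and the sample records are assumptions.

```python
"""Stitch unidirectional flow records from two taps into bidirectional
connection records. Added example; the records below are constructed."""
from collections import defaultdict, namedtuple

# One unidirectional record as exported by a single tap (assumed layout).
Flow = namedtuple("Flow", "tap src sport dst dport proto start end bytes")


def conn_key(f):
    """Canonical 5-tuple so both directions map to the same connection."""
    a, b = (f.src, f.sport), (f.dst, f.dport)
    return (f.proto,) + (a + b if a <= b else b + a)


def stitch(flows, gap=120.0):
    """Merge flows into connection records keyed by conn_key(). Each record
    carries per-direction byte counts, overall start/end and the taps that
    saw it. A flow starting more than `gap` seconds after the previous
    record ended is a new connection (the same 5-tuple reused later)."""
    conns = defaultdict(list)
    for f in sorted(flows, key=lambda x: x.start):
        recs = conns[conn_key(f)]
        if recs and f.start - recs[-1]["end"] <= gap:
            rec = recs[-1]
        else:
            rec = {"start": f.start, "end": f.end, "taps": set(),
                   "bytes": defaultdict(int)}
            recs.append(rec)
        rec["start"] = min(rec["start"], f.start)
        rec["end"] = max(rec["end"], f.end)
        rec["taps"].add(f.tap)
        rec["bytes"][(f.src, f.dst)] += f.bytes  # bytes in this direction
    return conns


def one_sided(conns):
    """Keys of connections seen by exactly one tap: evidence that one
    direction of an asymmetric path is not being captured."""
    return [k for k, recs in conns.items()
            if any(len(r["taps"]) == 1 for r in recs)]


# Constructed sample: request leaves via tap A, reply returns via tap B;
# the same 5-tuple is reused ten minutes later and only tap A sees it.
SAMPLE = [
    Flow("A", "10.1.2.3", 51000, "198.51.100.7", 443, "tcp", 0.0, 5.0, 1200),
    Flow("B", "198.51.100.7", 443, "10.1.2.3", 51000, "tcp", 0.1, 5.2, 900000),
    Flow("A", "10.1.2.3", 51000, "198.51.100.7", 443, "tcp", 600.0, 601.0, 300),
]
```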