Consistency in Reporting Data Breaches

Presentation transcript:

Consistency in Reporting Data Breaches
The VERIS framework

Some “Minor” Challenges
- IT is getting more complex, more value is moving online, and threats are getting more sophisticated.
- We can’t put a value on what is stolen/lost.
- We don’t even publicise what is stolen/lost, so there is no way of sizing the problem.
- We have no consistent way of describing or reporting an incident, so there is no consistency as to what “good” or “bad” looks like.
- There are no standards on reaction to incidents; evidential weight and provenance are unfamiliar concepts in most of the private sector.
- There is no consistent liaison with Law Enforcement, so there is no chance of bringing the criminal fraternity in Cyber Crime to justice.

Things to achieve if we are to Take Action Against CyberCrime
From the Public Private Forum on bringing Cyber Criminals to Justice:
- Need for more awareness of the potential problems, and of methods to combat the crimes.
- Need for information sharing between all business sectors, public and private.
- Need for continued education of the business community; eCrime does not stand still, so this is a continuous process.
- Openness between organisations; we can all learn from each other.
- Need for international sharing of information and intelligence to deal with this expanding “cross border” crime wave.
- Creation of international standards for reporting.

Carnegie Mellon - CERT

Background: The DBIR series
An ongoing study into the world of cybercrime that analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and, of course, what might be done to prevent it.
The DBIR series can be thought of as an ongoing project to reduce uncertainty and equivocality. The next set of slides will (hopefully) demonstrate the value of such research to understanding and managing information risk.
Available at: http://verizonbusiness.com/databreach
Updates/Commentary: http://securityblog.verizonbusiness.com

Some Illustrative Headlines

Methodology: Data Collection and Analysis
- DBIR participants use the Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data.
- This enables case data to be shared anonymously with the RISK Team for analysis.
- VERIS is a set of metrics designed to provide a common language for describing security incidents (or threats) in a structured and repeatable manner.
VERIS: https://verisframework.wiki.zoho.com/

How VERIS works
The Incident Classification section employs Verizon’s A4 threat model.
A security incident (or threat scenario) is modeled as a series of events. Every event comprises the following 4 A’s:
- Agent: Whose actions affected the asset
- Action: What actions affected the asset
- Asset: Which assets were affected
- Attribute: How the asset was affected
Breaking it down into factors
[Figure: incident as a chain of events, numbered 1 to 5]
VERIS: https://verisframework.wiki.zoho.com/

How VERIS works
INCIDENT REPORT
“An external attacker sends a phishing email that successfully lures an executive to open an attachment. Once executed, malware is installed on the exec’s laptop, creating a backdoor. The attacker then accesses the laptop via the backdoor, viewing email and other sensitive data. The attacker then finds and accesses a mapped file server that an internal admin failed to properly secure during the build/deployment process. This results in intellectual property being stolen from the server…”
VERIS takes this and…

How VERIS works
…and translates it to this…

How VERIS works
…and over time to this…
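
The translation these slides describe, as an added Python example that is not part of the original presentation: the incident report is encoded as a chain of events, each with the 4 A's, and several incidents are then aggregated into statistics. The category labels, the event-by-event encoding and the second incident are assumptions constructed for illustration, not the official VERIS enumerations.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed, illustrative category labels; not the official VERIS enumerations.
ALLOWED = {
    "agent": {"external", "internal", "partner"},
    "action": {"malware", "hacking", "social", "misuse", "physical", "error"},
    "attribute": {"confidentiality", "integrity", "availability"},
}

@dataclass(frozen=True)
class Event:
    agent: str      # whose actions affected the asset
    action: str     # what actions affected the asset
    asset: str      # which asset was affected (free text in this sketch)
    attribute: str  # how the asset was affected

    def __post_init__(self):
        # Reject events that fall outside the shared vocabulary.
        for field, allowed in ALLOWED.items():
            if getattr(self, field) not in allowed:
                raise ValueError(f"unknown {field}: {getattr(self, field)!r}")
        if not self.asset:
            raise ValueError("asset must be named")

# Constructed encoding of the phishing incident report, one event per step.
PHISHING_INCIDENT = [
    Event("external", "social", "executive", "integrity"),           # lured by phishing email
    Event("external", "malware", "laptop", "integrity"),             # backdoor installed
    Event("external", "hacking", "laptop", "confidentiality"),       # email viewed via backdoor
    Event("internal", "error", "file server", "integrity"),          # server not properly secured
    Event("external", "hacking", "file server", "confidentiality"),  # intellectual property stolen
]
# Constructed second incident so there is something to aggregate.
INSIDER_INCIDENT = [Event("internal", "misuse", "database", "confidentiality")]

def share_of_incidents(incidents, field):
    """Fraction of incidents in which each value of `field` occurs at least once."""
    counts = Counter()
    for chain in incidents:
        counts.update({getattr(event, field) for event in chain})
    return {value: counts[value] / len(incidents) for value in sorted(counts)}

if __name__ == "__main__":
    corpus = [PHISHING_INCIDENT, INSIDER_INCIDENT]
    for field in ("agent", "action", "attribute"):
        print(field, share_of_incidents(corpus, field))
```

Because every event must use the shared vocabulary, incidents reported by different organisations can be counted together, which is what makes the aggregate view possible.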

This is the “see everything in one glance” visual. See pg 15 in the DBIR for talking points.

How VERIS works
Data-driven decisions
…to help enable this.

How can you use VERIS?
- Research the VERIS framework. There is a wiki available at https://verisframework.wiki.zoho.com/.
- Use the framework internally to track and report incidents.
- Use the framework cooperatively with other organizations to facilitate data sharing.
- Use the VERIS community site to report and share incident data at https://www2.icsalabs.com/veris/.
The VERIS framework is open and free. You can use it independently of or in partnership with Verizon. We can also help you set up your own VERIS collection mechanism and/or train your staff in the framework itself. In addition, we now offer a solution to facilitate secure, anonymous VERIS-based information sharing within a single organization or between multiple consenting organizations.

Drop in Data Loss: Our Leading Hypotheses
- Random caseload variation
  Unlikely; other external sources show similar results
- Huge global improvement in security posture
  Unlikely; not enough time and doesn’t explain rise in breaches
- Prosecution and incarceration of “Kingpins”
  Deterrence and/or scrambling among criminal groups
- Change in criminal tactics
  Away from massive breaches to smaller, less risky heists
  Helps explain increase in breaches
- Market forces (law of supply and demand)
  Oversupply of data in black market driving prices down
- Targeting different (non-bulk) data types
  More IP, classified data, etc. stolen
- They’ve gotten better at evading detection
  Maybe; but doesn’t seem to fully account for the drop