Albany Bank Corporation Security Incident Management Program.

CONSULTANTS: Taurus Allen, Destiny Dyer, Marta Pelyo, Daniel Post, Michele Reina, Robert Warshauer

PROJECT OBJECTIVES
1. Create an effective security incident management program
2. Comply with regulatory and industry standards
3. Identify potential vendors
4. Implement a roadmap

AGENDA
- Project Approach
- Bank Profile
- Purpose of Security Incident Management Program
- Industry Regulations and Standards
- Explanation of Proposed Program
- Workflow
- Vendor Recommendations
- Roadmap

PROJECT APPROACH
Objective: To assist ABC with creating and recommending a security incident management program.
Ongoing throughout the project: research of current events, weekly status reports, project timeline, peer evaluations.
- Phase 1: Planning and content research
- Phase 2: Content development and recommendations
- Phase 3: Final presentation and preparation

BANK PROFILE
Overview:
- 20th largest bank in the United States
- Specializes in commercial, retail and investment banking
- Holds $50 billion in assets
Problems facing Albany Bank Corporation:
- A well-known hacking group breached security records
- Approximately 20 million customer records compromised
- ABC did not have a formal security incident program in place
- Reputational and financial losses

RECENT BREACHES
These breaches occurred due to a lack of:
- Adequate cyber security
- Detailed incident response procedures
- Efficient detection/analysis and containment strategies

SECURITY INCIDENT MANAGEMENT OBJECTIVE
- The process of monitoring for and detecting threats to a network
- Encompasses integrating IT management systems
- Identifies and prioritizes incidents based on business impact
- Used to protect confidential data
(Reference: NIST Cybersecurity Framework)

INDUSTRY REGULATIONS: FFIEC
Purpose: To develop and ensure uniformity of report forms, standards and principles for financial institutions.
Incident management requirements:
- Periodic risk assessments
- Layered security controls
- Member awareness and education
- Ad-hoc activity monitoring
- Defined escalation protocols

INDUSTRY STANDARDS: ISO
Purpose: To provide a model for an Information Security Management System.
Incident management requirements:
- Management of information security risks
- Develop criteria for accepting risks and identifying the level of each risk
- Identify and evaluate options for the treatment of risks
- Implement training and awareness programs

INDUSTRY STANDARDS: NIST REV 2
Purpose: Computer Security Incident Handling Guide.
Incident management requirements:
- Procedures for performing incident handling and communication
- Incorporation of response teams in the incident handling process
- Reduce the frequency of incidents

INCIDENT RESPONSE LIFECYCLE
Steps:
1. Preparation
2. Detection
3. Analysis/Classification
4. Containment
5. Eradication/Recovery
6. Post-Incident Activity

INCIDENT RESPONSE LIFECYCLE: PREPARATION
Checklist to ensure that all pivotal functions and procedures of the incident response program are being performed.

INCIDENT RESPONSE LIFECYCLE: PREPARATION
- Establish escalation procedures and response teams
- Improve educational awareness
- Training sessions
- Document procedure checklist
- Implement a playbook system
- Install malware protection software
- Create a simulated attack program to test response teams

INCIDENT RESPONSE LIFECYCLE: DETECTION
- C03 automated system
- Report incident: ticketing system (open a ticket)
- Triage the incident by:
  - Significance of the constituency
  - Experience of the incident reporter
  - Severity of the incident

INCIDENT RESPONSE LIFECYCLE: ANALYSIS/CLASSIFICATION
Impact: measures the effect of an incident on the company.

Impact level | Financial loss               | Users affected
Critical     | More than $5 million         | 76%-100%
High         | Between $3 and $5 million    | 51%-75%
Medium       | Between $1 and $3 million    | 25%-50%
Low          | Less than $1 million         | 0%-24%

INCIDENT RESPONSE LIFECYCLE: ANALYSIS/CLASSIFICATION
Urgency: measures the effect an incident has on core business functions.

Urgency level | Core business operations
Critical      | Interferes with core business functions, or loss of critical data
High          | Interferes with non-core activities or functions that do not affect the entire company
Medium        | Interferes with normal completion of work; tasks are more difficult but not impossible to complete
Low           | Interferes with non-business-related use

Response and resolution time for incidents:

Incident priority | Action within | Resolution within
Critical          | 1 hour        | 1 day
High              | 2 hours       | 2 days
Medium            | 1 day         | 5 days
Low               | 2 days        | 7 days

INCIDENT RESPONSE LIFECYCLE: ANALYSIS/CLASSIFICATION
Incident Classification Matrix (impact matrix key):
- Critical: Red
- High: Black
- Medium: Gray
- Low: White
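The impact bands, urgency levels and response/resolution timeframes on the preceding slides can be turned into a small triage routine that rates each ticket and flags missed deadlines. The following is an added worked example, not code from the Albany Bank Corporation deck. The thresholds and timeframes are the ones on the slides; the way impact and urgency combine into one priority is an assumption, since the transcript does not reproduce the matrix cells (here the higher of the two wins). The sample tickets are constructed.

```python
"""Incident classification and response/resolution deadlines.

Added worked example; this is not code from the Albany Bank Corporation deck.
The impact bands (financial loss, share of users affected), the urgency
levels and the response/resolution timeframes are the ones on the slides.
ASSUMPTION: the deck's classification matrix is not reproduced in the
transcript, so priority is taken here as the higher of impact and urgency.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class Level(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2
    CRITICAL = 3


def impact_level(loss_usd: float, users_affected_pct: float) -> Level:
    """Impact per the slides: the worse of the financial band and the user band."""
    if not 0 <= users_affected_pct <= 100:
        raise ValueError("users_affected_pct must be between 0 and 100")
    if loss_usd >= 5_000_000:
        by_loss = Level.CRITICAL        # more than $5 million
    elif loss_usd >= 3_000_000:
        by_loss = Level.HIGH            # $3-5 million
    elif loss_usd >= 1_000_000:
        by_loss = Level.MEDIUM          # $1-3 million
    else:
        by_loss = Level.LOW             # less than $1 million
    if users_affected_pct >= 76:
        by_users = Level.CRITICAL       # 76%-100%
    elif users_affected_pct >= 51:
        by_users = Level.HIGH           # 51%-75%
    elif users_affected_pct >= 25:
        by_users = Level.MEDIUM         # 25%-50%
    else:
        by_users = Level.LOW            # 0%-24%
    return max(by_loss, by_users)


# Response ("action within") and resolution timeframes from the slides.
SLA: Dict[Level, Tuple[timedelta, timedelta]] = {
    Level.CRITICAL: (timedelta(hours=1), timedelta(days=1)),
    Level.HIGH: (timedelta(hours=2), timedelta(days=2)),
    Level.MEDIUM: (timedelta(days=1), timedelta(days=5)),
    Level.LOW: (timedelta(days=2), timedelta(days=7)),
}


@dataclass
class Ticket:
    ticket_id: str
    opened: datetime
    loss_usd: float
    users_affected_pct: float
    urgency: Level                        # from the urgency table (core-business effect)
    first_action: Optional[datetime] = None
    resolved: Optional[datetime] = None

    @property
    def priority(self) -> Level:
        # ASSUMPTION: higher of impact and urgency (the deck's matrix cells are not shown).
        return max(impact_level(self.loss_usd, self.users_affected_pct), self.urgency)

    def sla_status(self, now: datetime) -> Dict[str, object]:
        """Deadlines derived from the opening time, and whether each has been missed.
        An open ticket is measured against 'now', so a breach shows before closure."""
        action_due, resolution_due = (self.opened + d for d in SLA[self.priority])
        return {
            "ticket_id": self.ticket_id,
            "priority": self.priority.name,
            "action_due": action_due,
            "resolution_due": resolution_due,
            "action_breached": (self.first_action or now) > action_due,
            "resolution_breached": (self.resolved or now) > resolution_due,
        }


def triage(tickets: List[Ticket], now: datetime) -> List[Dict[str, object]]:
    """Queue ordered by priority (most severe first), each with its SLA status."""
    ordered = sorted(tickets, key=lambda t: t.priority, reverse=True)
    return [t.sla_status(now) for t in ordered]


# Constructed sample tickets (not real incidents).
SAMPLE_NOW = datetime(2024, 1, 8, 9, 0)
SAMPLE_TICKETS = [
    Ticket("INC-001", datetime(2024, 1, 1, 9, 0), 12_000_000, 80, Level.CRITICAL,
           first_action=datetime(2024, 1, 1, 9, 45), resolved=datetime(2024, 1, 3, 9, 0)),
    Ticket("INC-002", datetime(2024, 1, 5, 14, 0), 200_000, 10, Level.HIGH,
           first_action=datetime(2024, 1, 5, 17, 30), resolved=datetime(2024, 1, 6, 10, 0)),
    Ticket("INC-003", datetime(2024, 1, 7, 8, 0), 0, 2, Level.LOW),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_TICKETS, SAMPLE_NOW):
        print(row)
```

Note that INC-002 has a Low impact by either table but still rates High because its urgency is High; which of the two should dominate is exactly what the deck's matrix decides, so the combination rule should be taken from the approved matrix rather than from this example's assumption.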

INCIDENT RESPONSE WORKFLOW


INCIDENT RESPONSE LIFECYCLE: DETECTION/ANALYSIS
Detection/Analysis Checklist:

INCIDENT RESPONSE LIFECYCLE: CONTAINMENT
- Sandbox method: threat quarantined, assessed and monitored
- Freeze threatened assets
- Suspend network services
- Protect the chain of custody

INCIDENT RESPONSE LIFECYCLE: ERADICATION/RECOVERY
Checklist:
- What information is recoverable
- What information is permanently lost
- Timeline of recovery
- Restore systems
- Change passwords
- Tighten the network
- Replace compromised files
- Install patches
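Two items in the lifecycle above rest on the same mechanism, file hashing: the containment step "protect the chain of custody" and the recovery step "replace compromised files". The block below is an added example, not code from the Albany Bank Corporation deck. It records every hand-over of an evidence item together with its SHA-256 digest in a hash-chained custody log, so that an altered, removed or reordered entry (or a copy that re-hashes to a different value) fails verification, and it compares a post-incident file snapshot against a known-good baseline to list what must be replaced. The evidence bytes, paths and file contents are constructed for the example.

```python
"""Chain-of-custody log and known-good file comparison.

Added example; not code from the Albany Bank Corporation deck. It shows the
containment slide's "protect the chain of custody" step (each handling of an
evidence item is recorded with its SHA-256 digest in a hash-chained log) and
the recovery slide's "replace compromised files" step (compare current file
hashes with a known-good baseline). Paths and contents below are constructed.
"""
import hashlib
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


GENESIS = "0" * 64  # prev_hash of the first entry
SAMPLE_T0 = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)  # constructed timestamp


class CustodyLog:
    """Append-only custody record. Each entry's hash covers its own fields and the
    previous entry's hash, so the log can be verified end to end."""

    def __init__(self) -> None:
        self.entries: List[Dict[str, str]] = []

    @staticmethod
    def _entry_hash(body: Dict[str, str]) -> str:
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def record(self, evidence_id: str, action: str, handler: str,
               digest: str, when: datetime) -> str:
        body = {
            "evidence_id": evidence_id,
            "action": action,            # acquired / transferred / analysed ...
            "handler": handler,
            "sha256": digest,            # digest of the evidence at this hand-over
            "timestamp": when.isoformat(),
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        body["entry_hash"] = self._entry_hash(body)
        self.entries.append(body)
        return body["entry_hash"]

    def verify(self) -> bool:
        """False if an entry was altered, removed or reordered, or if the same
        evidence item was recorded with different digests at two hand-overs."""
        prev = GENESIS
        digests: Dict[str, str] = {}
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if body["prev_hash"] != prev or self._entry_hash(body) != entry["entry_hash"]:
                return False
            if digests.setdefault(body["evidence_id"], body["sha256"]) != body["sha256"]:
                return False
            prev = entry["entry_hash"]
        return True


def sample_custody_log() -> CustodyLog:
    # Constructed evidence: a byte string standing in for a disk image acquisition.
    image = b"constructed disk image of the compromised host"
    log = CustodyLog()
    log.record("EV-001", "acquired", "responder A", sha256_hex(image), SAMPLE_T0)
    # The receiving analyst re-hashes the copy; a changed copy would break verify().
    log.record("EV-001", "transferred", "analyst B", sha256_hex(image),
               SAMPLE_T0 + timedelta(hours=2))
    log.record("EV-001", "analysed", "analyst B", sha256_hex(image),
               SAMPLE_T0 + timedelta(hours=3))
    return log


def find_modified(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, str]:
    """Files to replace or investigate: modified, missing, or absent from the baseline."""
    findings: Dict[str, str] = {}
    for path, good in baseline.items():
        if path not in current:
            findings[path] = "missing"
        elif current[path] != good:
            findings[path] = "modified"
    for path in current:
        if path not in baseline:
            findings[path] = "unexpected"
    return findings


# Constructed known-good baseline and post-incident snapshot (hashes of made-up contents).
BASELINE = {
    "/usr/sbin/sshd": sha256_hex(b"clean sshd binary"),
    "/etc/passwd": sha256_hex(b"root:x:0:0:root:/root:/bin/bash\n"),
    "/etc/hosts": sha256_hex(b"127.0.0.1 localhost\n"),
}
CURRENT_SNAPSHOT = {
    "/usr/sbin/sshd": sha256_hex(b"sshd binary with backdoor"),
    "/etc/passwd": sha256_hex(b"root:x:0:0:root:/root:/bin/bash\n"),
    "/tmp/.x": sha256_hex(b"dropped tool"),
}

if __name__ == "__main__":
    print("custody log intact:", sample_custody_log().verify())
    print("files to replace/investigate:", find_modified(BASELINE, CURRENT_SNAPSHOT))
```

The baseline must come from before the incident (a golden image or package manifest), not from the compromised host; and the custody log only proves that the record was not changed after the fact, so each hand-over should still be countersigned by the people named in it.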

INCIDENT RESPONSE LIFECYCLE: ERADICATION/RECOVERY
Eradication/Recovery Checklist:

INCIDENT RESPONSE LIFECYCLE: POST-INCIDENT
Perpetual loop of improvement:
- Improve technology
- Follow-up report
- Lessons-learned meeting
- Trend analysis team
- Communicate incidents to affected users
Post-Incident Checklist

IDENTIFYING POTENTIAL VENDORS
Vendor Checklist

IDENTIFYING POTENTIAL VENDORS

IDENTIFYING POTENTIAL VENDORS
Major solutions offered:
- Ticketing system
- Compliance with the security incident response cycle
- Risk assessment
- Auditing
- Employee training
- Single sign-on
- Workflow matrix
- Automatic response system
- Advanced layered security
- Risk management
- Compliance

SECURITY MANAGEMENT PROGRAM: ROADMAP
- Step I: Preparation (0-3 months)
- Step II: Implementation (3-6 months)
- Step III: Finalization (6-18 months)

PHASE ONE: 0-3 MONTHS
- Research regulations and standards
- Finalize business function requirements
- Implement response teams: red, black, gray and white
- Perform vendor selection
- Effective escalation process (via use of the teams)
- Manual management for the short-term security incident response program

PHASE TWO: 3-6 MONTHS
- Implement the selected vendor tools
- Implement the workflow
- Implement the tool for manual
- Define and document incident response plans
- Implement the incident management and ticketing system
- Continuous management of any security incident

PHASE THREE: 6-18 MONTHS
- Perform security response testing/training
- Initiate a communication plan for the security incident management program for internal/external stakeholders
- Meet legal and regulatory standards
- Employee education and training
- Customer awareness
- Vendor training: roles and responsibilities
- Trend analysis capability

MEASURE OF SUCCESS
- How fast was the incident contained?
- How quickly did Albany Bank Corporation recover from the incident?
- How well did Albany Bank Corporation mitigate its losses?
- How effective was Albany Bank Corporation's communication of the incident?

NEXT STEP RECOMMENDATIONS
- Initiate the incident response program
- Quarterly assessment of risks
- Annual testing of response teams and procedures
We guarantee to help "Chase Risk Away"