
Information Security Incident Response Primer

Presentation on theme: "Information Security Incident Response Primer"— Presentation transcript:

1 Information Security Incident Response Primer
Presented by Lucas Walker & Lawrence Alderete

2 I am responsible. Although I may not be able to prevent the worst from happening, I am responsible for my attitude toward the inevitable misfortunes that darken life. Bad things do happen; how I respond to them defines my character...
Walter “Bob” Inglis Anderson, American painter, writer, and naturalist

3 First, Some Basics
Defining the term ‘Incident’

4 Incident
An unplanned interruption to an IT service or reduction in the quality of an IT service.
ITIL® v3 Glossary

5 Quality
The ability of a product, service or process to provide the intended value.
ITIL® v3 Glossary

6 Value Creation
Utility: performs adequately, or has no constraints -> Fit For Purpose
Warranty: continuous availability, and has enough capacity, and secure -> Fit For Use
Utility + Warranty -> Value Creation
ITIL® v3 Glossary

7 Therefore…

8 Information Security Incidents are ITIL Incidents
Lucas Walker, Information Security & Privacy Office, University of New Mexico

9 The Boring Stuff
Policy 2550, Section 2.7

10 UNM Policy Mandates that Information Security Incidents be Reported to ISPO
“All breaches of information security must be reported immediately to security@unm.edu.”
University of New Mexico Administrative Policies and Procedures Manual - Policy 2550: Information Security

11 More Boring Stuff
University of New Mexico Incident Management Program

12 Incident Management’s Purpose
“The purpose of Incident Management is to direct the activities of UNM employees when responding to an Information Security Incident to ensure a timely and appropriate response to all Information Security Incidents.”
University of New Mexico Incident Management Program

13 Major vs. Minor Incident

14 Major Incidents
Major incidents can involve highly sensitive data, can have a high impact, or can have the potential for high impact on institutional reputation, services, information, and operations. These types of incidents require the involvement of various UNM teams, internal and external, to assist in the response.
University of New Mexico Incident Management Program

15 Major Incident Examples
Incidents involving:
- High severity vulnerabilities, as defined by the ISPO Vulnerability Management Program Component
- Compromised or exposed enterprise systems of record, especially those that result in extended outages (breaches)
- Systems that are conducting attacks against other UNM services or against the services of third parties
- Successful targeted social engineering, such as spear phishing
- Law enforcement agencies

16 Minor Incidents
Minor incidents rarely have a significant impact on institutional services and operations. Often, minor incidents are isolated and/or not the result of targeted attacks. Furthermore, these types of incidents have a prescribed or known method of resolution, such as a patch installation, malware definition update, or configuration change. These types of incidents are generally resolved by following Standard Operating Procedures (SOPs).
University of New Mexico Incident Management Program

17 Minor Incident Examples
Incidents involving:
- Vulnerable UNM systems*
- Loss or theft of a UNM device*
- Compromised NetIDs sending phishing emails
- Compromised hosts participating in botnets
- Compromised websites (defacements)
* Where no sensitive data is at risk

18 Stages of Incident Response

19 Identify: validate that an incident has occurred; determine the scope of the incident.
Contain: limit system access; create investigative copies of logs, data, media, etc.
Remove: change passwords where appropriate; re-image systems and restore from backups.
Restore: bring services back up; monitor.
Review: identify the root cause and the service restoration steps; identify opportunities for improvement.

20 How do I report a potential Information Security Incident?
Minor Incidents: Security Mailbox; Help.UNM; UNM IT – Service Desk (7-5757)
Major Incidents: ISPO On-call (7-2497)
Anonymous Reporting: UNM Compliance Hotline; UNM EthicsPoint
See for a complete list of contact methods.

21 Q and A
You ask questions, we’ll answer them.

22 Contact Us
ispo.unm.edu

