Download presentation
Presentation is loading. Please wait.
1
Team 1 – Incident Response
Team 1: Senior Acquisition Team to the Board of Directors and Senior Company Leadership for another major commercial retailer (Bullseye) How would you describe Target’s situation to your Board of Directors? How could you assure senior leadership that our company is in a better situation? What would do with Target’s information to be proactive? How would you prove that you are secure enough?
2
1. How would you describe Bullseye’s situation to your Board of Directors?
BLUF: Hackers were able to access Target’s network and POS systems by compromising a third party vendor with an infected . The attackers were able to find credentials for Target’s network on the vendors systems which then allowed the attackers to get into Targets network. Target failed to respond to multiple warnings on their defenses. Due to the failed responses by Targets administrators attackers were able to maintain access for over thirty days. The continued access by attackers allowed the exfiltration of over 110 Million customers information (financial and personal) resulting in more than 200 million in cost to bank vendors.
3
2. 2.How could you assure senior leadership that our company is in a better situation?
Due to our initial assessments we are in a similar situation to Target. However after analyzing the results of the assessment and receiving new funding we are proactively taking steps to improve our security poster.
4
3. What would do with Target’s information to be proactive?
Train personnel Aggressively assess our assets using a third party company both physically and against our systems. Systems will be compartmentalized to reduce vulnerability. Ie. POS, customer data centers, critical vs non-critical systems. Improved security measures and vetting of third party vendors. Establish better processes and procedures including COOP to reduce the impact of any breach so that operation can continue to resume while the breech is mitigated.
5
4. How would you prove that you are secure enough?
Negotiate with outside Auditors to validate compliance. Conduct periodic cyber readiness inspections Provide and review monthly intrusion detection reports and validate effectiveness of perimeter and inside defenses. Provide monthly personnel training reports to senior leadership for review.
6
Extra Homework
7
Isolate vendor traffic to sub networks to provide defense-in-depth.
What is the best way to manage the risk of others interfacing with our network and systems? Require security certification and accreditation of third party vendors. Isolate vendor traffic to sub networks to provide defense-in-depth.
8
Implement role base security
5. How should you control others on your network for access and authorization? Implement role base security Create roles for vendors with limited privileges. Ensure vendors comply with company password policies. Whitelist any approved vendor protocols and deny all else. Strict audit tracking and monitoring of all vendor traffic.
9
Training and awareness challenges of e- commerce.
5. 5. What should be required of vendors and sub-contractors to work with your systems? Training and awareness challenges of e- commerce. Establish interface standards. Detaling security process that are in place for all interfaces. “passing certificates, etc.”
10
5. 5. 5. How do you ensure proper training and certification of sub-contractors and vendors?
Interface agreements will include training and company security certifications. Provide Bullseye specific computer based and available classroom training to ensure our security concerns are addressed
11
Questions???
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.