Published by Judith Leonard. Modified over 6 years ago.
1
Managing a Data Breach Prevention-Detection-Mitigation
By Gerard Joyce, Dun Laoghaire, Sept 28th 2017
2
Robert Mueller FBI Director
“There are two types of organisations: those that have been hacked and those that are going to be hacked.” – Robert Mueller, FBI Director
3
Overview
Who We Are and What We Do
What is a ‘Data Breach’?
Prevention - Exercise 1
Detection - Exercise 2
Mitigation - Exercise 3
To Do List
4
Who We Are and What We Do
Experienced Risk & Compliance Professionals
Members of IRM, ACOI, ACCA, ISI...
Involved in the Development of Standards
We make a Governance, Risk & Compliance Solution called CalQRisk
CalQRisk is used by 150+ regulated firms, including Brokers, Financial Advisors, Fund Management Companies, Fund Administrators, Credit Unions, Solicitors and Local Authorities
5
What is a ‘Data Breach’?
Data that you are ‘controlling’ is accessed / viewed / altered by unauthorised persons.
Data could be:
Personal Identifiable Information (PII)
Trade Secrets / Business Processes
Intellectual Property
Cause of Breach:
Could be intentional, criminal
Could be accidental
6
September: The company (Yahoo) revealed that a “state-sponsored actor” stole data associated with some 500 million accounts from its servers in late 2014. Russian hackers are suspected to be behind the attack. Shortly after the breach announcement, a source familiar with the matter told ABC News that Yahoo only became aware of the data breach in July, after news reports of a hacker attempting to sell some 280 million accounts on the dark web.
7
Cyber Security firm FireEye say the global median time it takes to discover a breach is 99 days (2016 data, down from 146 days; source: M-Trends 2017, A View from the Front Lines, p. 47). The Equifax breach wasn’t discovered for 141 days.
8
Diagram: Data Breach – Prevention, Detection, Mitigation. Elements shown: Risk Assessment, Documented Policy, Unauthorised Access, Incident Response.
9
Exercise 1 What are the threats and what can you do to prevent them?
Think Who? How? What?
10
Exercise 1 – Who?
Hackers and Hacktivists
Disgruntled Employees
Careless Employees
Criminal Organisations
Aggressive Competitors
Hostile Nation States
11
Exercise 1 – How? (What vulnerabilities will they exploit?)
Unwitting Employees / Social Engineering
Unpatched Flaws in Systems
Less Secure Service Providers
Insecure Cloud Storage
Mobile Devices
12
Exercise 1 – What? (What is of interest? What are your ‘Crown Jewels’?)
Personal Data
Customer Data
Money
Trade Secrets / Intellectual Property
13
Risk Controls – Data Breach (Swiss Cheese Model diagram)
Threats: Employee - Intentional; Employee - Unintentional; IT Glitch
Control layers: Policy; Procedures; Code of Practice; Training & Education; Checks; Intrusion Prevention; Anti-Virus Software; Strong Access Control; Encryption; Data Classification
Outcome: Unauthorised Access / Data Breach
14
Why Detection is Important
Fines imposed will be proportional to the ‘Dwell Time’.
The longer the theft is going on, the more data gets stolen.
The quicker a breach is detected, the quicker action can be taken to mitigate the impact.
15
Exercise 2 – How would you know you have a breach? Think:
Who would recognise it first? (You, Your Customer…)
What the signs might be
Service Delivery - How might that be affected?
16
Exercise 2 – How would you know you have a breach?
Customers Tell You
Service is Disrupted
Unusual Traffic on your Network
Credit Card Company Calls
Data is Corrupted
Your Intellectual Property appears “online”
17
Risk Controls – Data Breach (Swiss Cheese Model diagram, with detection controls added)
Threats: Employee - Intentional; Employee - Unintentional; IT Glitch
Prevention controls: Policy; Procedures; Training & Education; Checks; Intrusion Prevention; Anti-Virus Software; Strong Access Control; Encryption; Data Classification
Detection controls: Monitor Feedback; Measure Service; Monitor Network Traffic; Maintain Good Comms; Monitor Data Integrity; Monitor Press / SocMed
Outcome: Unauthorised Access / Data Breach
18
Mitigation – Be Ready to Respond
Incident Response Plan (more about this in a moment)
Before the Incident occurs:
Restrict ‘lateral movement’ in the Network (IT)
Identify an individual to take charge
Identify partners (3rd Party) that you might need: Legal counsel, Public Relations, IT Forensics
After the Incident – Review your policies and procedures
19
Exercise 3 – What should be in an Incident Response Plan? Think:
Who do you call?
What do you do, in what order?
Who does what?
20
Data Breach: Almost 157,000 TalkTalk customers had their personal details hacked. When the cyber-attack was revealed, TalkTalk said it did not know how many customers were affected, raising concerns that hundreds of thousands of customers could be at risk. The company was criticised for its lack of information and for failing to take precautions after being hacked twice before this year. Two teenage boys were arrested.
21
Response Plan
Incident Lead, Incident Team
Individual Roles and Responsibilities
Contact List of People that might need to be involved
Protocols During a Breach:
How to assess scope of breach
How to Collect Evidence
How to stop the Data Loss
Forms to Record Details / Action
Communications (Internal, Customers, DPC, Press)
Review – Learn from Incidents / Exercises
22
Notification (Art 33)
Describe nature of the personal data breach:
Number of subjects concerned
Categories and numbers of records
Communicate name of the DPO / contact
Describe likely consequences of breach
Describe means taken / proposed to be taken to address, including mitigation of ‘side-effects’
Can provide information in phases
Document breach and action taken.
23
Communication (Art 34)
Where there is high risk to the data subject, communicate to the data subject without delay.
Clear and plain language
Nature of the breach
Contact details for DPO / contact
Likely consequences
Measures taken
Not required if:
Technical measures make the info unintelligible
Disproportionate effort (a public communication can be used instead)
24
Risk Controls – Data Breach (Swiss Cheese Model diagram, with mitigation controls added)
Threats: Employee - Intentional; Employee - Unintentional; IT Glitch
Prevention controls: Policy; Procedures; Training & Education; Checks; Intrusion Prevention; Anti-Virus Software; Strong Access Control; Encryption; Data Classification
Detection controls: Monitor Feedback; Measure Service; Monitor Network Traffic; Maintain Good Comms; Monitor Data Integrity; Monitor Press / SocMed
Mitigation controls: Response Plan; Privacy Impact; Notification Plan; Communications Plan; Collect Evidence; Review Controls; Document Action
Outcome: Unauthorised Access / Data Breach
25
To Do List
Assign management responsibilities
Identify all assets that need protection
Conduct an impact assessment
Review access rights, incl. privileged access rights
Review update/patching policy
Review whether malware detection is up-to-date
Policy & procedures for continuous monitoring of the network
Consider implementing intrusion detection tools
Procedure for reporting ‘events’
Response Plan
26
Thank You