Risk Mitigation & Incident Response Week 12
Getting close to the end

Housekeeping items:
Thanksgiving – Week 13. No quiz November 24th or 25th.
DR and Business Continuity – Week 14. Add WebEx meet-up on November 27th?
Maturity Models / Wrap-up – Week 15.
Audit project due Dec 4 – Week 15.
Final Exam – Canvas (75 questions), Tuesday, 12/18.
Comprehensive security: elements from three frameworks
Security Governance Tree
Clear distinction: IT Security vs. Information Security

IT Security: concerned with building secure and reliable platforms.
Information Security: concerned with the control of information, whether electronic or physical.
Gartner’s Security Processes You Must Get Right

Security’s responsibility:
Security Governance – Information security governance consists of the functions and processes that ensure that the right actions are taken to balance the needs to protect the organization against the needs to run the business.
Policy Management – Security policies define and document the enterprise's established position about the security risks that must be controlled to meet the risk appetite of the business, which will ultimately fund security controls and bear any residual risk.
Awareness & Education – Enlightened awareness is achieved in part through education and aids in reshaping enterprise cultures that do not fully understand or appreciate the impact that inadequate security can have on all other IT and business processes.
Identity & Access Management – IAM is the systematic management of a user's identities and access throughout the life cycle of his or her engagement with the organization.
Vulnerability Management – This is the process of identifying, assessing and resolving security weaknesses in the enterprise. Often, the focus is on the organization's technical infrastructure; however, the CISO must also be alert to vulnerabilities in process weaknesses and other common staff practices.
Incident Response – It is critical for the security organization to have a well-documented incident response process that has been successfully (and, if possible, repeatedly) exercised prior to an actual incident.

IT’s responsibility:
Change Management – Getting change management right is critical to the enterprise's ability to execute changes in a controlled and auditable manner.
Disaster Recovery & Business Continuity – Their purpose is to ensure that, in the event of a serious disruption to the enterprise, business operations can continue, and systems and processes can recover in a considered and orderly manner.
Project Life Cycle Management – To avoid introducing serious, expensive and possibly immutable security risks into the enterprise, it is critical to ensure that phase gate reviews include formal assessments of project documentation, with sign-off approvals from the security organization with regard to the architecture, design and any other relevant artifacts, such as post-operational plans.
Vendor Management – The vendor's processes must incorporate the enterprise client's security requirements in a way that extends beyond unrealistic promises from the vendor, which amount to little action and less visibility.
Incident Response

Phases: Preparation; Detect and Expose; Triage; Classify and Contain; Remediate; Report and Post-Mortem.

Preparation – the more the better. Create a response process with clear roles. Test it using tabletop exercises with the people who will be performing the roles. Know where all your sensitive data is located and what you have done to protect it. Employ standard precautions: inventory sensitive data, patch all your systems, test vulnerabilities, implement the full process, test often.
Note (SANS, April 3 & 7): federal agency response was inadequate 65% of the time. Key finding: not enough practice.
Detect and Expose – Given the high number of attacks, automate your detection process and work the data.
Triage – Scope the threat and identify the greatest exposure risks. This is where the map of sensitive data provides a great starting point.
Classify and Contain – The cyber forensics team looks to contain the intrusion and determine how to eradicate the malware.
Remediate – Remove the malware and survey what has been breached.
Report and Post-Mortem – Issue public statements in accordance with law, etc. Take additional remediation steps. Conduct a post-mortem and focus on lessons learned.
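The triage step above says the map of sensitive data is the starting point for scoping exposure. The following is an added example (not from the lecture slides) of a small triage helper that ranks detector alerts by joining them against such a map; the inventory, hosts, alerts, and weights are all constructed assumptions for illustration.

```python
"""Triage helper: rank alerts by exposure of sensitive data.

Added example, not from the lecture. All hosts, data classes, alerts and
weights below are constructed for illustration.
"""
from dataclasses import dataclass

# Constructed sensitive-data inventory: what each host holds and whether
# an existing control (encryption at rest) already protects it.
INVENTORY = {
    "db-cust-01": {"data": {"PII", "payment"}, "encrypted_at_rest": True},
    "web-front-02": {"data": set(), "encrypted_at_rest": False},
    "hr-share-01": {"data": {"PII", "payroll"}, "encrypted_at_rest": False},
}

# Assumed weights: how much each data class and alert category matters.
DATA_WEIGHT = {"payment": 5, "PII": 3, "payroll": 3}
CATEGORY_WEIGHT = {"malware": 4, "bruteforce": 2, "scan": 1}


@dataclass
class Alert:
    host: str
    category: str     # detector label, e.g. "malware", "bruteforce", "scan"
    confidence: float  # detector confidence in the range 0..1


def exposure_score(alert: Alert) -> float:
    """Combine detector confidence, alert category and sensitive-data weight."""
    asset = INVENTORY.get(alert.host, {"data": set(), "encrypted_at_rest": False})
    data_weight = sum(DATA_WEIGHT.get(d, 1) for d in asset["data"])
    if asset["encrypted_at_rest"]:
        data_weight *= 0.5  # an existing control lowers, but does not remove, exposure
    return round(alert.confidence * CATEGORY_WEIGHT.get(alert.category, 1) * (1 + data_weight), 2)


def triage(alerts):
    """Return (score, host, category) tuples, highest exposure first."""
    return sorted(((exposure_score(a), a.host, a.category) for a in alerts), reverse=True)


SAMPLE_ALERTS = [  # constructed alerts; the noisiest detector is not the biggest risk
    Alert("web-front-02", "malware", 0.9),
    Alert("hr-share-01", "bruteforce", 0.7),
    Alert("db-cust-01", "scan", 0.95),
]

if __name__ == "__main__":
    for score, host, category in triage(SAMPLE_ALERTS):
        print(f"{score:6.2f}  {host:14s} {category}")
```

Without the inventory the malware alert would sort first; with it, the unencrypted HR share holding PII and payroll data rises to the top of the queue.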
The iPremier Case (take 30 minutes)

How well did the iPremier Company perform during the seventy-five minute attack?
If you were Bob Turley, what might you have done differently during the attack?
The iPremier Company CEO, Jack Samuelson, had already expressed to Bob Turley his concern that the company might eventually suffer from a “deficit in operating procedures.” Were the company’s operating procedures deficient in responding to this attack? What additional procedures might have been in place to better handle the attack?
Now that the attack has ended, what can the iPremier Company do to prepare for another such attack?
In the aftermath of the attack, what would you be worried about? What actions would you recommend?