Presentation is loading. Please wait.

Presentation is loading. Please wait.

Incident Response And a debrief of UNM’s response to the Heartbleed vulnerability 1 Presented by: Michael Burlison, Information Security Analyst – CISSP,

Published byAnthony Greene Modified over 9 years ago

Similar presentations

Presentation on theme: "Incident Response And a debrief of UNM’s response to the Heartbleed vulnerability 1 Presented by: Michael Burlison, Information Security Analyst – CISSP,"— Presentation transcript:

1 Incident Response And a debrief of UNM’s response to the Heartbleed vulnerability 1 Presented by: Michael Burlison, Information Security Analyst – CISSP, GCIH, GSEC Lucas Walker, Information Security Analyst - GSEC

2 What happened and why you should care… 2

3 Researched scope of problem Identified vulnerable systems Updated and patched core IT-managed systems Revoked and re-issued SSL certificates Involved the community: Notified departmental IT areas Posted alerts Involved help desk Provided instructions to users Issued password resets for impacted services What IT did 3

4 What IT is doing: Scanning and monitoring for vulnerable systems on the network Monitoring Intrusion Prevention Systems (IPS) for Heartbleed activity De-briefing stakeholders and decision makers, “Lessons Learned” Researching for patches that are still being deployed 4

5 Incident Response Plan Is an action plan for dealing with intrusions, cyber-theft, denial of service, malicious code, natural disasters, and other security-related events Incidents can be intentional or unintentional Incident Response Plans help to know what to do when an incident occurs. Not a matter of “IF,” but of “WHEN” Planning is (almost) everything! 5

6 Incident Response Plan DoE’s 6 Step Process: 1.Prepare 2.Identify 3.Contain 4.Eradicate 5.Recover 6.Lessons Learned 6

7 Key Mistakes Failure to report or ask for help Incomplete / non-existent notes Mishandling / destroying evidence Failure to: Create working backups Contain or eradicate Prevent re-infection Apply lessons learned 7

8 Legal Aspects Plans, policies, and procedures developed for incident handling must: Comply with applicable laws Be reviewed by legal counsel & key stakeholders Unless you are a lawyer in OUC, you are not the expert. Work closely with legal counsel Regulations: FERPA PCI GLBA HIPAA ITAR Reporting security breaches, cyber-insurance, international standards (ISO 17799) 8

9 UNM Incident Response Plan Draft will be distributed to this audience PCI version is on cio.unm.edu/standards ERP version is posted on Banner ERP sites Is being updated Will be posted to CIO Standards page 9

10 Q&A Help.unm.edu security@unm.edu it.unm.edu/security 10

Download ppt "Incident Response And a debrief of UNM’s response to the Heartbleed vulnerability 1 Presented by: Michael Burlison, Information Security Analyst – CISSP,"

Similar presentations

Identifying and Responding to Security Incidents in the Law Firm

Identifying and Responding to Security Incidents in the Law Firm
After Action Report & Improvement Plan (AAR/IP) Elizabeth Jane Tangwall Office of Emergency Preparedness.

After Action Report & Improvement Plan (AAR/IP) Elizabeth Jane Tangwall Office of Emergency Preparedness.
Incident Handling in Academia What to do when you have been hacked!

Incident Handling in Academia What to do when you have been hacked!
Systems Availability and Business Continuity Chapter Four Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007.

Systems Availability and Business Continuity Chapter Four Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Password District Data Breach Exercise [District Name] [Date] [Logo]

Password District Data Breach Exercise [District Name] [Date] [Logo]
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.

Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.
Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.

Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,

Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
APA of Isfahan University of Technology In the name of God.

APA of Isfahan University of Technology In the name of God.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Similar presentations

Ads by Google