Presentation is loading. Please wait.

Presentation is loading. Please wait.

Incident Response November 2015 Navigating a Cybersecurity Incident.

Published byEaster Murphy Modified over 9 years ago

Similar presentations

Presentation on theme: "Incident Response November 2015 Navigating a Cybersecurity Incident."— Presentation transcript:

1 Incident Response November 2015 Navigating a Cybersecurity Incident

2 Plan, Prepare, Manage, Mitigate and Remediate  Plan – Have a plan and test it  Prepare – Create a CSIRT and practice scenarios  Manage – Have a program for managing an incident  Mitigate – Plans of Action to mitigate common scenarios  Remediate – Action plan for addressing gaps and issues 1

3 Create an Incident Response Plan  Develop an Incident Response Plan - Multidisciplinary team  Roles and Responsibilities  Line of Authority  Triggers to Activate CSIRT  Status updates – timing 2

4 Computer Security Incident Response Team (CSIRT)  Information Systems Services - Windows - Unix - Messaging - Networking - Help Desk  Information Security  Legal  Human Resources

5 The Computer Security Incident Response Team  Strategies for different types of breaches Technical response Public relations response Legal response

6 Detection – Information Security  IDS – Intrusion Detection Systems - SIEM – Security Information and Event Management  FIM – File Integrity Monitoring Systems  FW – Firewall activity  AV – Anti-Virus Alerts  Service Desk Calls - Users - Customers

7 Detection – Is this an incident  Did you lose data?  How much data and exactly what type?  Is the data loss ongoing?  Who knows about the data loss?  This information is going to guide the next phases of the response - Will we need to report the loss - How big is the loss – number of customers - How will we manage the process

8 Managing and mitigating the incident  Identify your organizations priorities  Nature of the incident  Restore affected or compromised systems  Apply corrective actions to any identify vulnerabilities  Apply countermeasures to security systems  Assign responsibility for correcting systemic issues  Track progress of all corrective actions  Validate the actions taken are effective  Update your security policy and procedures

9 Remediation  The goal of those engaged in a data breach and incident response is to - Stop the bleeding – data loss - Quantify the loss - Secure your information systems - Fix any holes in your security and operations

10 Lessons learned – Follow up  Actions to fix infrastructure and security - Assigned an owner who is responsible for the fix - Given adequate resources to address problems - Required to provide regularly scheduled updates until resolution

11 Remediation - repairing the damage to the brand  For customers - Credit monitoring - Credit repair - Litigation services for any victimized by ID Theft  Company Image - Good will gestures - Awareness Outreach to customers on data protection - Following up on all promises

12 Consider Third Party Contractors Digitigal Forensics and Crisis Response  Benefits of third party contractors - Equipped to deal with crisis situation - Instant Expertise - Typically can provide rapid response - Can provide you with legal cover  Issues of third party contractors - Cost – they can be expensive – $300 plus per hour - Delays in getting onsite – paper work and travel - No guarantee of resuts

13 Overview of Administrative Elements  Management roles and responsibilities - Leadership is essential to effective response - Let the team do its job, but keep a informed of progress Status meetings – as needed, but initially 3 a day - Current Status - Tasks to Complete - Next Steps - Who is assigned Be prepared to make timely and informed decisions Keep tabs on staffing and watch for fatigue - Support your people and do not lose your temper - If staff do not perform or are ineffective you will need to decide how to proceed, but think before you act 12

14 Overview of Administrative Elements  Public Relations - Single message – clear, concise and to the point If you have a public relations staff, let them work with your legal counsel on the message, review it and make sure all contingencies have been addressed and then let them deliver it. - Explain what has happened - Progress of the investigation - Steps the organization will be taking - How the public and press can keep informed - A wise policy is to inform all company personnel that any inquiries about an incident must be directed to Legal council - Templates can be prepared and vetted prior an incident and can be ready to use in event of a breach 13

15 Questions? Fred Howell, MBA, MSISM, CISSP Manager of Security and Privacy Consulting Services RSM LLP 80 City Square Boston, MA 02129 Office 617-241-1520 Cell 781-831-2767 Email: Fred.Howell@RSMUS.comFred.Howell@RSMUS.com 14

16 McGladrey is the brand under which McGladrey & Pullen, LLP serve clients’ business needs. McGladrey LLP is the U.S. member of the RSM International (“RSMI”) network of independent accounting, tax and consulting firms. The member firms of RSMI collaborate to provide services to global clients, but are separate and distinct legal entities which cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. McGladrey, the McGladrey signatures, The McGladrey Classic logo, The power of being understood, Power comes from being understood and Experience the power of being understood are trademarks of McGladrey LLP. © 2013 McGladrey LLP. All Rights Reserved. McGladrey LLP Andy Obuchowski 80 City Square Boston, MA 022129 617.241.1219 Andy.obuchowski@mcgladrey.com www.mcgladrey.com

Download ppt "Incident Response November 2015 Navigating a Cybersecurity Incident."

Similar presentations

Who We Are IPS CONSULTANTS AND ASSOCIATES. started as a group of professionals in legal, administrative and fiscal areas with more than 15 years of experience.

Who We Are IPS CONSULTANTS AND ASSOCIATES. started as a group of professionals in legal, administrative and fiscal areas with more than 15 years of experience.
Planning for the Future Disaster Recovery Plan / Business Continuity Plan Jim Zukowski, Ed.D. Texas State Board of Dental Examiners 2006 Annual ConferenceAlexandria,

Planning for the Future Disaster Recovery Plan / Business Continuity Plan Jim Zukowski, Ed.D. Texas State Board of Dental Examiners 2006 Annual ConferenceAlexandria,
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
Malware Response Infrastructure Planning and Design Published: February 2011 Updated: November 2011.

Malware Response Infrastructure Planning and Design Published: February 2011 Updated: November 2011.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Incidence Response & Computer Forensics, Second Edition

Incidence Response & Computer Forensics, Second Edition
Computer Security: Principles and Practice

Computer Security: Principles and Practice
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.

In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
General Awareness Training

General Awareness Training
1 Personal Health Information Data Breach. What Happened? March 10, 2012: Computer hackers illegally access a Department of Technology Services (DTS)

1 Personal Health Information Data Breach. What Happened? March 10, 2012: Computer hackers illegally access a Department of Technology Services (DTS)
SMALL BUSINESS RESOURCE GUIDE CHECKLIST FOR GOING INTO BUSINESS.

SMALL BUSINESS RESOURCE GUIDE CHECKLIST FOR GOING INTO BUSINESS.
AmeriCorps in Times of Disaster AmeriCorps Conference July 23, 2015 1.

AmeriCorps in Times of Disaster AmeriCorps Conference July 23,

Similar presentations

Ads by Google