Your SlideShare is downloading. ×
EU Cyber Attacks And The Incident Response Imperative
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

EU Cyber Attacks And The Incident Response Imperative

723
views

Published on

Speaking at the recent Cyber Security Summit in London, Lee Miles, Deputy Head of the U.K. National Cyber Crime Unit said, "cybercrime is anonymous, sophisticated, and international." Gone are the …

Speaking at the recent Cyber Security Summit in London, Lee Miles, Deputy Head of the U.K. National Cyber Crime Unit said, "cybercrime is anonymous, sophisticated, and international." Gone are the days of hacking "to plant a flag for kudos... it's all about the money now," he said. Accounts like these highlight the inevitability of breaches and emphasize just how crucial a capable incident response capability is to survival.

This webinar will review the major components of a modern incident response function, highlighting what organizations can do to quickly improve their program. It will use the Co3 platform to demonstrate how firms can dramatically improve incident response without requiring a significant investment in staff, professional services, or infrastructure.

Our featured speakers for this webinar will be:

- Ted Julian, Chief Marketing Officer, Co3 Systems

- Tim Armstrong, Security Incident Response Specialist, Co3 Systems

Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
723
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. 1 “Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” – PC Magazine, Editor’s Choice “Co3…defines what software packages for privacy look like.” – Gartner “Platform is comprehensive, user friendly, and very well designed.” – Ponemon Institute “One of the most important startups in security…” – Business Insider “One of the hottest products at RSA…” – Network World “...an invaluable weapon when responding to security incidents.” – Government Computer News “Co3 has done better than a home-run... it has knocked one out of the park.” – SC Magazine “Most Innovative Security Startup.” – RSA Conference We’ll get started in just a minute.
  • 2. EU Cyber Attacks & The Incident Response Imperative
  • 3. 3 Agenda Introductions Co3 Systems Background Today’s Breach Reality IR Functional Components IR Management Demo Q&A
  • 4. 4 Introductions: Today’s Speakers • Ted Julian, Chief Marketing Officer, Co3 Systems • Tim Armstrong, Security Incident Response Specialist, Co3 Systems
  • 5. 5 SSAE16TYPEIICERTIFIED DASHBOARDS&REPORTING Bringing people, process, and technology together for times of crisis I N C I D E N T R E S P O N S E P L A N PLAN SYNTHESIS INTEGRATED INTELLIGENCE ARTIFACT CORRELATION INSTANT CREATION & STREAMLINED COLLABORATION HR IT LEGAL/ COMPLIANCE MARKETING COMMUNITY BEST PRACTICES INDUSTRY STANDARD FRAMEWORKS ORGANIZATIONAL SOPS GLOBAL PRIVACY BREACH REGULATIONS CONTRACTUAL REQUIREMENTS ACCELERATED MITIGATION TROUBLE TICKETING SIMGRC AUTOMATED ESCALATION EMAIL WEB FORM TROUBLE TICKETING ENTRY WIZARD SIM
  • 6. 6 Today’s Breach Reality – The EU Conundrum • Data in the U.S. and anecdotal experience suggests a worldwide epidemic • But without mandated public breach disclosure across the E.U., data is limited, and it’s hard to quantify
  • 7. 7 Today’s Breach Reality Source: Verizon DBIR 2014 Incident classification patterns over time
  • 8. 8 Today’s Breach Reality 81% of large organisations had a security breach (down from 86%* a year ago) 60% of small businesses had a security breach (down from 64%* a year ago) 59% of respondents expect there will be more security incidents in the next year than last £600k - £1.15m average cost to a large organisation of its worst security breach of the year (up from £450 - £850k a year ago) £65k - £115k average cost to a small business of its worst security breach of the year (up from £35 - £65k a year ago) Source: 2014 Information Security Breaches Survey, pwc U.K. Breaches Are Slightly Down But Costs Are Way Up
  • 9. 9Co3 Systems, Inc. IR Can Help An IR Plan and a Strong security posture reduce expense Impact of eight factors on the per capita cost of data breach Source: 2014 Cost of Data Breach Study: Global Analysis IBM & Ponemon Institute
  • 10. POLL
  • 11. 11 The IR Lifecycle Prepare Improve Organizational Readiness • Appoint team members • Fine tune response SOPs • Link in legacy applications • Run simulations (fire drills, table tops) Mitigate Document Results & Improve Performance • Generate reports for management, auditors, and authorities • Conduct post-mortem • Update SOPs • Track evidence • Evaluate historical performance • Educate the organization Assess Identify and Evaluate Incidents • Assign appropriate team members • Evaluate precursors and indicators • Track incidents, maintain logbook • Automatically prioritize activities based on criticality • Log evidence • Generate assessment Manage Contain, Eradicate and Recover • Generate real-time IR plan • Coordinate team response • Choose appropriate containment strategy • Isolate and remediate cause • Instruct evidence gathering and handling
  • 12. 12Co3 Systems, Inc. Prepare • Incident response teams often include: – IT, Legal (internal and/or external), Compliance, Audit, Privacy, Marketing, HR, Senior Executive – Pre-define roles and responsibilities • RACI (Responsible, Accountable, Consulted, Informed) • SOPs can include: – Processes to be followed by incident type – Standardized interpretation of legal / regulatory requirements – 3rd party contractual requirements • Simulations – Can range from drills to full-scale exercises – Communications is key • Roles, contact info, internal and external – Gauge organization preparedness, catalyze improvement Prepare Improve Organizational Readiness • Appoint team members • Fine tune response SOPs • Link in legacy applications • Run simulations (fire drills, table tops)
  • 13. PREPARE
  • 14. 14Co3 Systems, Inc. Assess • Prioritize efforts – Based on value of asset, potential for customer impact, risk of fines, and other risks • Leverage threat intelligence • Incident declaration matrix – Based on category and severity level – Can set SLAs for each Assess Identify and Evaluate Incidents • Assign appropriate team members • Evaluate precursors and indicators • Track incidents, maintain logbook • Automatically prioritize activities based on criticality • Log evidence • Generate assessment
  • 15. ASSESS
  • 16. POLL
  • 17. 17Co3 Systems, Inc. Manage • Iterate on your plan • Communicate status – Different mechanisms for different constituents • Ensure everything is tracked Manage Contain, Eradicate and Recover • Generate real-time IR plan • Coordinate team response • Choose appropriate containment strategy • Isolate and remediate cause • Instruct evidence gathering and handling
  • 18. MANAGE
  • 19. 19Co3 Systems, Inc. Mitigate • Conduct a post-mortem – Validate investment or lobby for more – Identify areas for improvement • Did we hit our SLAs? – Update playbooks • Track incident source – pinpoint risk to drive improvement, and/or trigger bill-back • Update preventative and detective controls Mitigate Document Results & Improve Performance • Generate reports for management, auditors, and authorities • Conduct post-mortem • Update SOPs • Track evidence • Evaluate historical performance • Educate the organization
  • 20. MITIGATE
  • 21. QUESTIONS
  • 22. 22 Next Up • Today's Breach Reality, The IR Imperative, And What You Can Do About It – Wednesday, July 16, 2014 1:00 PM - 2:00 PM EDT • BlackHat 2014 – August 5-7, Las Vegas
  • 23. One Alewife Center, Suite 450 Cambridge, MA 02140 PHONE 617.206.3900 WWW.CO3SYS.COM “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” PC MAGAZINE, EDITOR’S CHOICE “Co3…defines what software packages for privacy look like.” GARTNER “Platform is comprehensive, user friendly, and very well designed.” PONEMON INSTITUTE “One of the hottest products at RSA…” NETWORK WORLD – FEBRUARY 2013