Computer Fraud - Eric Vanderburg - China Resource Network Conference

Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents on computer fraud at the China Resource Network Conference: China – Growing the Mature Market, October, 2012.

Transcript of "Computer Fraud - Eric Vanderburg - China Resource Network Conference"

  1. China Resource Network: Computer Fraud. JurInnov, Ltd. October 5, 2012. © 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
  2. Who Are We? JurInnov works with organizations that want to more effectively manage matters involving “Electronically Stored Information” (ESI).
     – Information Security
     – Electronic Discovery
     – Computer Forensics
     – Document and Case Management
  3. Confidence Framework (diagram): CFStrategy, CFAudit, CFAssess, CFAware, CFPolicy
  4. Overview
     • Case Study
     • Detection
     • Incident response
     • Post-incident activities
     • Prevention
  5. Case Study (diagram)
     1. US sends email
     2. Email read & deleted
     3. Fake response through open relay
     4. Fake email with alternate address
  6. Detection
     • Separation of duties
       – Approve requests for information
       – Validate changes in procedure
       – Divide sensitive tasks between multiple persons and roles
     • Awareness
       – Suspicious activity
       – Social engineering
     • Audit
  7. Indicators
     • Use of dormant accounts
     • Log alteration
     • Presence of malicious code
     • Notification by partner or peer
     • Notification by hacker
     • Loss of availability
     • Corrupt files
     • Data breach
     • Violation of policy
     • Violation of law
     • Activity at unexpected times
     • Unusual email traffic
     • Presence of hacker tools
     • Unknown accounts
     • Unusual consumption of computing resources
     • Unusual network activity
  8. Incident Response
     • Validate incident authenticity
     • Determine scope and severity
       – Users, data and equipment impacted
     • Notify team
  9. Preservation of evidence
     • Volatile data
       – Contents of RAM
       – Current network connections
       – Logon sessions
       – Open files
     • Non-volatile data
       – Hard drives
       – Network device startup configurations
     • Chain of custody
  10. Recovery
     • Remediate vulnerabilities
     • Restore services
     • Restore data
     • Restore confidence
  11. Post-incident activities
     • Refine plans and processes
     • Create new IRPs
     • Debrief (After-action review)
  12. Debrief
     • Rankless discussion
     • What was the goal?
     • Were goals achievable?
     • Successes
     • Pitfalls
     • Lessons learned
     • Action items and responsibilities
     • Positive summary (high note)
  13. Prevention
     • Perform background checks on key personnel, suppliers and partners
     • Conduct periodic awareness training
     • Document and follow procedures
  14. Prevention
     • Technical controls
       – Antivirus/antimalware
       – Email filtering
       – Web filtering
       – Network Access Control (NAC)
       – Intrusion Prevention System (IPS)
       – Patch management
       – Password management
  15. Incident Response Plans
     • Document procedures for likely incidents
     • Document steps for a non-specific incident
     • Prepare resources
       – Human
       – Technical
     • Is geographic diversity needed?
     • Determine notification procedure
     • Roles and responsibilities
     • Simulation
     • Review and maintenance
  16. Action Items
     • Obtain an overview of information security posture (Security Snapshot)
     • Consider incident response and create IRPs
     • Conduct security awareness training
     • Conduct risk assessment to identify appropriate security controls
     • Baseline systems to understand normal activity