Data Breach 2009 ISACA HI


My 2009 DBIR presentation @ ISACA Hawaii.


Data Breach 2009 ISACA HI

  1. A study conducted by Verizon Business: 2009 DATA BREACH INVESTIGATIONS REPORT. Brief by Hosam W. El Dakhakhni, CISSP, CISM, CISA, CIA, CGEIT
  2. This brief will cover the following:
       • My Conclusions
       • Quick Facts
       • Key Highlights
       • Findings, Conclusions, and Countermeasures
       • TVM-Doing More For Less
       • Summary of Recommendations
       • Q&A
  3. QUICK FACTS
  4. 
       • All results are based on firsthand evidence collected during 90 data breach investigations occurring in 2008 conducted by Verizon Business.
       • Only confirmed breaches are included (not “data-at-risk”).
       • Most of the statistics presented refer to the percentage of cases, the percentage of records breached, or simply the number of cases.
       • The authors make no claim that the findings of this report are representative of all data breaches in all organizations at all times.
  5. 
       • Roughly 20 percent of cases involved more than one breach
       • Nearly half of the caseload had distinct patterns and commonalities
       • A little over 1/3 of the cases were made public (so far)
  6. KEY HIGHLIGHTS
  7. FINDINGS, CONCLUSIONS, AND COUNTERMEASURES
  8. 
       • Align process with policy
       • Achieve “Essential” then worry about “Excellent”
       • Secure Business Partner Connections
       • Create a Data Retention Plan
       • Control data with transaction zones
       • Monitor event logs
       • Create an Incident Response Plan
       • Increase awareness
       • Engage in mock incident testing
       • Changing default credentials is key
       • Avoid shared credentials
       • User Account Review
       • Application Testing and Code Review
       • Smarter Patch Management Strategies
       • Human Resources Termination Procedures
       • Enable Application Logs and Monitor
  9. Hosam W. El Dakhakhni, CISSP, CISM, CISA, CIA, CGEIT, Principal - R!SC
       • Visit us at www.it-risc.com
       • Contact us at heldakhakhni@it-risc.com
