
Cyber Resilience Tips and Techniques For Protection & Response

Presented by Chitaranjan Kajwadkar
Terminology:
  • Information Security v/s Cyber Security
  • Security threats v/s Cyber Security threats
  • Security events, incidents, IoC, compromise, breach, data theft, attack
  • Contain, Limit, Quarantine, Recover
  • Disaster Recovery v/s Business Continuity



  1. Continuity & Resilience (CORE), ISO 22301 BCM Consulting Firm. Presentations by speakers at the 8th ME Business & IT Resilience Summit, March 10, 2019, at The Address Hotel, Dubai Mall, Dubai, UAE
  2. Cyber Resilience Tips and Techniques For Protection & Response. C Kajwadkar (C K), Mumbai
  3. 1: Get the Right Connotation to Words
  4. Terminology
     • Information Security v/s Cyber Security
     • Security threats v/s Cyber Security threats
     • Security events, incidents, IoC, compromise, breach, data theft, attack
     • Contain, Limit, Quarantine, Recover
     • Disaster Recovery v/s Business Continuity
  5. 2: Get an Understanding of Concepts
  6. A few Key Concepts
     • Cyber Kill Chain
     • Triage
     • Golden Hour
     • Patient Zero
  7. Cyber Kill Chain
  8. Cyber Kill Chain
     • Reconnaissance: research, identification, and selection of targets
     • Weaponisation: pairing remote access malware with an exploit into a deliverable payload (e.g. Adobe PDF and Microsoft Office files)
     • Delivery: transmission of the weapon to the target (e.g. via email attachments, websites, or USB devices)
     • Exploitation: once delivered, the weapon’s code is triggered, exploiting vulnerable applications or systems
     • Installation: the weapon installs a backdoor on the target’s system, allowing persistent access
     • Command & control: an outside service communicates with the weapon, providing “hands on keyboard access” inside the target’s network
     • Actions on objective: the attacker works to achieve the objective of the intrusion, which can include exfiltration or destruction of data, or intrusion of another target
  9. 3: Get the Framework Right
  10. Cyber Resilience Framework
     Five Primary Risk Management Categories:
     • Governance;
     • Identification;
     • Protection;
     • Detection; and
     • Response and Recovery.
     Three Overarching Components:
     • Testing;
     • Situational awareness; and
     • Learning and evolving.
  11. 4: Cyber Crisis Management Plan
  12. Cyber Crisis Management Plan
     • Cyber Crisis Management Governance
     • Identification and Validation
     • Activation of the Cyber Crisis Management Plan (CCMP)
     • Response and Containment
     • Communication
     • Recovery
  13. 5: Cyber Crisis Management Strategy
  14. Defender’s Tool Kit
     • Detect
     • Deflect
     • Deny
     • Disrupt
     • Degrade
     • …
  15. 6: Forensic Readiness
  16. Log Collection, Storage, Analysis
     • Change in perspective with regard to logs: conventionally and now
     • Plethora of sources
     • More parameters for ‘logging’
     • Frequency of logging
     • Rate & size of logs
     • Challenges of storage, analysis, correlation, alert fatigue
     • Meaningful outcome with superfast response
     • Chain of custody for forensics
  17. 7: People Factor
  18. ‘People’ factor in Cyber Security
     • Culture across geographies is different and plays a role in its own way
     • Human beings are ‘social’ by nature
     • Official / social communications are part of life
     • A certain level of vulnerability will continue to exist
     • We all appreciate that there is ‘no patch for human stupidity’
     • Thus we have to find systemic ways to deal with it
     • Despite best efforts, some silos will exist in the organization
     • Set processes to reduce gaps
     • In routine BAU, we may tend to go on ‘auto pilot’
     • What can help us switch from BAU mode to ‘alert mode’?
  19. ‘People’ factor in Cyber Security
     • Newer skills are required in the organization, including at Board level
     • Cyber strategy is as important as business strategy
     • Implementation of cyber security may require a plethora of tools
     • POC, selection and implementation require skills & mindset
     • Post implementation, ‘day to day’ admin is also important
     • Processes are as important as tools
     • Do we have people who can set the right processes?
     • Investigation of a cyber incident is a different ball game
     • Event correlation and connecting the missing dots play an important role
     • Planning for forensics requires a hacker’s mindset. Do we have ethical hackers?
     • Tests/Drills
     • Have we planned for Red & Blue teams? How effectively can we use them?
  20. 8: Prepare For Targeted Attack
  21. Preparing for Targeted Attacks
     • Deep understanding of why someone would attack you
     • Enhance capabilities to get early indicators of reconnaissance
     • Targeted threat intelligence
     • Higher emphasis on insider threats
     • Early detection capabilities
     • Active defense
     • Active hunting
     • Incident Response team with the mindset of a DGMO
     • …
  22. 9: Future Proofing
  23. The Crystal Ball – Horizon 2025
     4th Industrial Revolution: Higher Momentum
     • Drivers: ML, AI, IoT, WNS*, C2X*
     • Dominance of matured CPS*
     *CPS: Cyber Physical Systems; *WNS: Wireless Sensor Networks; *C2X: Car to Everything
  24. The Crystal Ball – Horizon 2025
     • Newer areas of application
     • Smart Cities
     • Agri, Green House Asset Management
     • Healthcare Management
     • Navigation & Rescue
     • Intelligent Transportation Systems (ITSs), C2X
     • Machine Vision
     • Biological Network Analysis
     • Military Robotic Controls
     • …
  25. 10: ???
  26. When the Going Gets Tough, the Tough Get Going…
  27. Thank you
  28. Continuity & Resilience (CORE), ISO 22301 BCM Consulting Firm. Presentations by speakers at the 8th ME Business & IT Resilience Summit, March 10, 2019, at The Address Hotel, Dubai Mall, Dubai, UAE
