Cybersecurity Families and Controls
Part 1 – History, Overview and Incident Response
AND
Part 2 – What is PII and How Do You Protect it?
Cybersecurity Standards and Frameworks
Is There a Cybersecurity Standard?
Yes!! The International Standards Organization (ISO) established ISO 27001/27002, which is
the internationally recognized standard for cybersecurity. It assumes that an organization
adopting ISO 27001 will have an Information Security Management System (ISMS). ISO/IEC
27001 requires that management systematically manage the organization’s information
security risks, taking threats and vulnerabilities into account.
What is the Origin of ISO 27001?
ISO 27000 came out of BS (British Standard) 7799, originally published in 1995 in three
parts. The first part of BS 7799, dealing with the best practices of information security, was
incorporated into ISO 17799 and made part of the ISO 27000 series in 2000.
What is a Cybersecurity “Framework”?
Cybersecurity frameworks are sets of documents describing guidelines, standards, and best
practices designed for cybersecurity risk management. The frameworks exist to reduce an
organization's exposure to weaknesses and vulnerabilities that hackers and other cyber criminals
may exploit.
What is the Difference Between a Cybersecurity Standard and a Framework?
A cybersecurity standard is a set of guidelines or best practices that organizations can use to
improve their cybersecurity posture. Organizations can use cybersecurity standards to help them
identify and implement appropriate measures to protect their systems and data from cyber
threats. Standards can also provide guidance on how to respond to and recover from
cybersecurity incidents. These are generally not voluntary and must be followed for compliance.
A cybersecurity framework is a system of standards, guidelines, and best practices to manage
risks that arise in the digital world. They typically match security objectives, like avoiding
unauthorized system access, with controls like requiring a username and password. Cybersecurity
frameworks are often mandatory, or at least strongly encouraged, for companies that want to
comply with state, industry, and international cybersecurity regulations.
How Many Different Cybersecurity Frameworks are There?
Cybersecurity frameworks provide a set of best practices for determining risk tolerance and
setting controls. Knowing which one is best for your organization can be difficult. In fact,
many regulations cross-reference more than one standard or framework. There are at least 20
security frameworks out there designed to help cyber professionals create robust
cybersecurity compliance programs.
What is Considered the Go To or Most Used Cybersecurity Framework?
Among the most widely used cybersecurity frameworks is the NIST publication NIST SP 800-53, a
set of controls intended to help organizations meet the requirements of the Federal
Information Security Modernization Act (FISMA), which is mandatory for federal agencies and
for organizations that are part of their supply chain, such as defense contractors. It is considered
the cybersecurity gold standard among federal agencies. It is also widely used among both
private (for-profit) and public (government) entities.
Who or What is NIST?
The National Institute of Standards and Technology (NIST) was founded in 1901 and is now
part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science
laboratories. Congress established the agency to remove a major challenge to U.S. industrial
competitiveness.
What is NIST Publication 800-53 and What is the Purpose of the Document?
NIST 800-53 is a cybersecurity standard and compliance framework developed by the
National Institute of Standards and Technology. It is a continuously updated framework that
tries to flexibly define standards, controls, and assessments based on risk, cost-
effectiveness, and capabilities. The NIST 800-53 framework is designed to provide a foundation of
guiding elements, strategies, systems, and controls that can agnostically support any
organization’s cybersecurity needs and priorities.
Cybersecurity Standards and Frameworks - NIST
What are Cybersecurity Controls?
Cybersecurity controls are mechanisms used to prevent, detect and mitigate cyber threats
and attacks. The cybersecurity controls outlined in NIST Special Publication 800-53 give
all agencies that utilize the cybersecurity framework the recommended security and privacy
controls to protect against potential security issues and cyber attacks.
What are Cybersecurity Control “Families”?
Security control families are collections of security controls all related to the same broad
subject: physical access controls, awareness and training, incident response, and so forth.
The precise number of controls within each family can vary, but each one will relate back to
the control family’s basic focus.
What are Cybersecurity Controls
and What are Control “Families”?
AC – Access Control: The AC Control Family consists of security requirements detailing
system logging. This includes who has access to what assets and reporting capabilities like
account management, system privileges, and remote access logging to determine when
users have access to the system and their level of access.
AT – Awareness and Training: The control sets in the AT Control Family are specific to your
security training and procedures, including security training records. A particular focus is
improving awareness of different operational risks and threats to privacy or system security.
AU – Audit and Accountability: The AU control family consists of security controls related to
an organization’s audit capabilities. This includes audit policies and procedures, audit
logging, audit report generation, and protection of audit information.
CA – Assessment, Authorization and Monitoring: The Continuous Assessment, Authorization
and Monitoring family focuses on the continuous monitoring and improvement of security
and privacy controls. It covers the creation of an assessment plan and the delegation of the
team to carry out control assessment.
How Many Control Families are
There in NIST 800-53?
CM – Configuration Management: CM controls are specific to an organization’s configuration
management policies. This includes a baseline configuration to operate as the basis for
future builds or changes to information systems. Additionally, this includes information
system component inventories and a security impact analysis control.
CP – Contingency Planning: The CP control family includes controls specific to an
organization's contingency plan if a cybersecurity event should occur. This includes controls
like contingency plan testing, updating, training, and backups, and system reconstitution.
IA – Identification and Authentication: IA controls are specific to the identification and
authentication policies in an organization. This includes the identification and authentication
of organizational and non-organizational users and the management of those systems.
IR – Incident Response: Controls for incident response are customized to an organization’s
rules and processes. This area may include incident response training, testing, monitoring,
reporting, and a response strategy.
MA – Maintenance: Revision five of NIST 800-53 outlines standards for maintaining systems
and tools.
MP – Media Protection: Access, marking, storage, transit policies, sanitization, and defined
organizational media use are all covered by the media protection control family.
PE – Physical and Environmental Protection: Physical and environmental protection is a
control family used to safeguard systems, buildings, and supporting infrastructure from
physical dangers. Physical access authorizations, monitoring, visitor records, emergency
shutoff, electricity, lighting, fire protection, and water damage prevention are all examples of
these controls.
PL – Planning: Security planning policies address the goal, scope, roles, duties, management
commitment, and coordination among entities for organizational compliance.
PM – Program Management: The PM control family applies to your cybersecurity program. It
includes a critical infrastructure plan, information security program plan, a plan of action
milestones and processes, a risk management strategy, and enterprise architecture.
PS – Personnel Security: Standards around personnel screening, termination, transfers,
sanctions, and access agreements are all examples of PS controls to protect employees.
PT – Personally Identifiable Information (PII) Processing and Transparency: The PII
Processing and Transparency family of controls helps to safeguard sensitive data, focusing
on consent and privacy. Organizations can lower the risk of data breaches by properly
managing personally identifiable information.
RA – Risk Assessment: The RA control family covers an organization’s risk assessment
policies and vulnerability scanning capabilities.
SA – System and Services Acquisition: The System and Services Acquisition family of
controls includes the allocation of resources and the creation of system development life
cycles. Controls help organizations create a safe acquisition process for new systems and
devices, safeguarding the integrity of the wider system and data.
SC – System and Communications Protection: The System and Communications Protection
family of controls covers the protection of system boundaries and the safe management of
collaborative devices. Controls provide in-depth guidance on set-up and ongoing
management of systems, including access, partitions, and usage restrictions.
SI – System and Information Integrity: The System and Information Integrity family of
controls focuses on maintaining the integrity of the information system. Controls cover
topics like protection from malicious code and spam, and procedures for ongoing system-
wide monitoring.
SR – Supply Chain Risk Management: The Supply Chain Risk Management family of controls
covers policies and procedures to counter risks in the supply chain. This includes processes
to assess and manage suppliers, and the inspection of supply chain systems and
components.
Incident Response – What is it and
Why is Having an IR Plan so Important?
What is meant by Incident Response (IR)?
NIST defines Incident Response this way: “The mitigation of violations of security policies
and recommended practices.”
A very large cybersecurity company defines IR as: “…a set of information security policies
and procedures that you can use to identify, contain, and eliminate cyberattacks.” It also
states that the goal of incident response is “…to enable an organization to quickly detect and
halt attacks, minimizing damage and preventing future attacks of the same type.”
Why is Having an IR Plan so Important?
Incident response planning is important because it outlines how to minimize the duration and
damage of security incidents, identifies stakeholders, streamlines digital forensics, improves
recovery time, reduces negative publicity and customer churn.
Incident Response – Goals
What are the Goals of Cyber Incident Response?
NIST states the goal of Cyber IR is to: “Develop and implement appropriate activities to take
action regarding a detected cybersecurity incident.”
An esteemed and well-known University states the goals of Cyber IR are: “to contain the
scope of an incident and reduce the risk to institutional systems and data and to return
affected systems and data back to an operational state as quickly as possible.”
The NIST incident response lifecycle breaks incident response down into four main phases:
Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-
Event Activity.
Incident Response Lifecycle
Incident Response – Preparation
The initial phase involves establishing and training an incident response team, and acquiring
the necessary tools and resources. During preparation, the organization also attempts to
limit the number of incidents that will occur by selecting and implementing a set of controls
based on the results of risk assessments.
Incident response methodologies typically emphasize preparation—not only establishing an
incident response capability so that the organization is ready to respond to incidents, but
also preventing incidents by ensuring that systems, networks, and applications are
sufficiently secure.
Incident Response – Detection & Analysis
In this phase, cybersecurity teams detect the occurrence of an issue and decide whether or
not it is actually an incident so that their organization can respond to it appropriately. The
main purposes of this phase are to determine whether the incident is really occurring and
analyze its nature. These might not be easy tasks. NIST SP 800-61 lists the steps of the
“Detection and Analysis” phase:
1) Noticing signs of an incident (called “precursors” and “indicators”)
2) Analyzing these signs
3) Documenting the incident
4) Prioritizing incidents
5) Incident notification
At this stage of incident response lifecycle, the incident response team should not yet try to
eradicate the incident. It is very important not to start eradication activities without proper
incident analysis.
Incident Response – Containment,
Eradication, and Recovery
This is the main phase of security incident response, in which the responders take action to
stop any further damage. This phase encompasses three steps:
1) Containment. In this step, all possible methods are used to prevent the spread of malware
or viruses. Actions might include disconnecting systems from networks, quarantining
infected systems, or blocking traffic to and from known malicious IP addresses.
2) Eradication. After containing the security issue in question, the malicious code or software
needs to be eradicated from the environment. This might involve using antivirus tools or
manual removal techniques. It will also include ensuring that all security software is up to
date in order to prevent any future incidents.
3) Recovery. After eliminating the malware, restoring all systems to their pre-incident state is
essential. This might involve restoring data from backups, rebuilding infected systems, and
re-enabling disabled accounts.
Incident Response – Post Incident Activity
The final phase of the incident response life cycle is to perform a postmortem of the entire
incident. Learning and improving after an incident is one of the most important parts of
incident response and the most often ignored. In this phase the incident and incident
response efforts are analyzed. The goals here are to limit the chances of the incident
happening again and to identify ways of improving future incident response activity.
Performing this analysis helps the organization understand how the incident took place and
what it can do to prevent such incidents from happening in the future. The lessons learned
during this phase can improve the organization’s incident security protocols and make its
security strategy more robust and effective.
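The phase ordering described above, as an added example that is not part of the original slides or of NIST SP 800-61: a small Python incident record that only lets responders move through Detection and Analysis, Containment, Eradication, Recovery and Post-Incident Activity in that order, so an attempt to eradicate without documented, prioritized analysis is rejected. The Incident class, the step names and the constructed INC-0001 walk-through are assumptions made for this illustration.

```python
"""Hypothetical incident record enforcing the NIST SP 800-61 lifecycle order.
Illustration only: not code from the slides or from NIST."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Steps in the order the slides give them; each may only follow the previous one.
STEPS = ["detected", "analyzed", "contained", "eradicated", "recovered", "closed"]
PRIORITIES = ("low", "medium", "high")


class LifecycleError(RuntimeError):
    """Raised when a responder tries to skip a phase."""


@dataclass
class Incident:
    incident_id: str
    step: str = "detected"
    priority: Optional[str] = None
    signs: List[Tuple[str, str]] = field(default_factory=list)   # precursors / indicators
    notes: List[Tuple[str, str, str]] = field(default_factory=list)  # documentation trail
    lessons: List[str] = field(default_factory=list)              # post-incident output

    def _advance(self, new_step: str, note: str) -> None:
        cur, nxt = STEPS.index(self.step), STEPS.index(new_step)
        if nxt != cur + 1:
            raise LifecycleError(f"{self.incident_id}: cannot go from {self.step!r} to {new_step!r}")
        self.step = new_step
        self.notes.append((datetime.now(timezone.utc).isoformat(), new_step, note))

    def record_sign(self, kind: str, detail: str) -> None:
        """Detection step 1: a precursor (incident may occur) or indicator (is/has occurred)."""
        if kind not in ("precursor", "indicator"):
            raise ValueError("kind must be 'precursor' or 'indicator'")
        self.signs.append((kind, detail))

    def analyze(self, priority: str, summary: str) -> None:
        """Detection steps 2-4: analyze, document and prioritize; gates every later phase."""
        if not self.signs:
            raise LifecycleError("analysis requires at least one recorded sign")
        if priority not in PRIORITIES:
            raise ValueError(f"priority must be one of {PRIORITIES}")
        self.priority = priority
        self._advance("analyzed", summary)

    def contain(self, action: str) -> None:
        self._advance("contained", action)

    def eradicate(self, action: str) -> None:
        # The slides stress: no eradication without proper analysis. The ordering
        # check in _advance guarantees analysis and containment came first.
        self._advance("eradicated", action)

    def recover(self, action: str) -> None:
        self._advance("recovered", action)

    def close(self, lessons: List[str]) -> None:
        """Post-Incident Activity: the postmortem must leave at least one lesson learned."""
        if not lessons:
            raise LifecycleError("post-incident review must record lessons learned")
        self.lessons.extend(lessons)
        self._advance("closed", "postmortem completed")

    def notify(self) -> dict:
        """Detection step 5: notification payload for stakeholders (assumed format)."""
        return {"id": self.incident_id, "step": self.step, "priority": self.priority,
                "indicators": sum(1 for kind, _ in self.signs if kind == "indicator")}


def demo() -> Incident:
    """Walk one constructed incident through every phase in order."""
    inc = Incident("INC-0001")  # constructed identifier
    inc.record_sign("precursor", "vulnerability scan of the web tier from an unknown host")
    inc.record_sign("indicator", "antivirus alert: known malware hash on workstation WS-17")
    inc.analyze("high", "malware confirmed on WS-17; lateral movement not yet ruled out")
    inc.contain("WS-17 isolated from the network; traffic to flagged addresses blocked")
    inc.eradicate("malware removed; endpoint signatures updated")
    inc.recover("WS-17 rebuilt from a clean image; user account re-enabled")
    inc.close(["extend endpoint monitoring to the web tier",
               "rehearse the isolation procedure quarterly"])
    return inc


def skipping_analysis_fails() -> bool:
    """Show the guard: eradicating straight after detection is rejected."""
    inc = Incident("INC-0002")
    inc.record_sign("indicator", "suspicious outbound connection")
    try:
        inc.eradicate("ran antivirus")
    except LifecycleError:
        return True
    return False


if __name__ == "__main__":
    print(demo().notify(), skipping_analysis_fails())
```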
Tips for Creating a Realistic and
Effective Incident Response Plan
1) Identify and train incident handlers BEFORE there is a security breach. Ensure that all
employees know their responsibilities when an event occurs. These responsibilities may
vary, but they will likely cover things like when to report an issue, who to contact, and
what tools to immediately deploy in the event of a breach.
2) Create effective communication channels across teams, ensuring that each person
reports to their assigned contact. This helps ensure quick detection and recovery from
any incidents in real time without losing valuable information or data.
3) Maintain logs for each system and update them regularly, leaving no gaps in the data. Such
logs can be useful in identifying the source of a security breach, may prevent a breach
from spreading throughout your network, and can help prevent similar events in the
future.
4) Regularly test the incident response plan to keep it up to date with any changes made to
security policies or new technologies introduced to the organization’s infrastructure. This
step is VERY IMPORTANT, and most entities do not practice their IR plans.
Personally Identifiable Information (PII) –
What is it and How Do You Protect it?
NIST defines PII as: “…information that can be used to distinguish or trace an individual's
identity, either alone or when combined with other information that is linked or linkable to a
specific individual.”
Examples of PII: Sensitive personally identifiable information can include your full name,
Social Security Number, driver’s license, financial information, and medical records.
Non-sensitive personally identifiable information is easily accessible from public sources
and can include your zip code, race, gender, and date of birth.
Passports contain personally identifiable information.
Social media sites may be considered non-sensitive personally identifiable information.
Every organization stores and uses personally identifiable information (PII), whether on its
employees or customers. As enterprises collect, process, and store PII, they also inherit
responsibility for protecting it. Doing so ensures the integrity of individuals’ identities while
protecting your company’s reputation.
PII can be compromised in a variety of ways. Digital files can be hacked and accessed by
criminals, while physical files can be exposed to threats if not properly secured. Without
safeguards and a PII protection policy, organizations and their customers are at risk of
identity theft. In 2020, identity theft was the most common consequence of a data breach,
occurring 65% of the time.
1) Identify What PII You Collect and Where It Is Stored
Begin by performing an inventory of what personally identifiable information you’re
collecting and where it’s being stored. You’ll need to examine whether you’re collecting data
correctly and if the storage method contains adequate security measures.
2) Identify What Compliance Regulations You Must Follow
Depending on your industry, you may be subject to legal compliance requirements. These are
laws that govern how you collect, handle, store, and transmit certain types of sensitive
information. These may vary based on where or who your customers are, rather than your
industry or business location. Some common compliance mandates include:
• Health Insurance Portability and Accountability Act (HIPAA)
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
3) Perform a Personally Identifiable Information Risk Assessment
A risk assessment will help you identify possible vulnerabilities or weak points in your
security strategy before criminals do. You should identify:
• What PII is regulated and what actions you’re taking to ensure compliance.
• What unregulated PII poses risks to reputation, competition, security, etc.
• Possible sources of threats from most to least likely.
• Possible risk management strategies, including control procedures and safeguards that
you can implement.
4) Securely Delete Personally Identifiable Information That’s Not Necessary to Business
Are you holding onto PII that you no longer need? While you might think it’s best to hoard as
much data as you can, PII can be a security risk when it hangs around forgotten. Comb
through your organization and identify information that can be deleted. This includes:
• Customers who have moved away, died, or ended the relationship.
• Records of employees who left the company more than a year ago.
• PII located on disused devices or in abandoned accounts.
• Instances where individuals have requested that you delete their information.
PII accumulates over time, so “cleaning house” can reduce your storage costs as well as
your risk.
5) Classify PII by Confidentiality and Privacy Impacts
Not all PII is of the same level of sensitivity. For example, email lists must still be protected,
but they have a much lower level of confidentiality than customer records containing credit
card numbers. By classifying data according to confidentiality and impact if their privacy is
compromised, you can gain a sense of what your security program needs.
6) Review and Update Safeguards That Protect Personally Identifiable Information
Review your overall security program to see what safeguards you need to update. Likewise,
make sure you’re using up-to-date tools and solutions to protect PII. This includes your:
• Email service
• Antivirus and anti-malware tools
• Customer management tools
• Information security management software
7) Update Your Security Policies
With the rollout of enhanced data privacy laws, your policies may need a review. Take a
moment to review the foundation for protecting PII: your internal security policies. Policies
that include best-practice security controls, from trusted frameworks like SOC 2 or CIS, help
ensure that the information you store and process stays safe. These policies also create a
structure for your employee awareness training around the collection, storage, encryption,
de-identification, and deletion of PII.
Keep Your Data Protected No Matter What!! Protecting PII should be central to your
information security program. Your customers expect you to protect their PII no matter what.
With these seven steps, you can build a solid security strategy that meets or exceeds their
expectations.
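Steps 1, 4 and 5 above (inventory where PII lives, delete what is no longer needed, classify by sensitivity) as an added Python example, not code from the slides or from NIST: it classifies each constructed record by the most sensitive field it holds, using the slides' sensitive and non-sensitive examples, and flags records that the assumed retention rules say can be deleted. The field names, the one-year employee retention period and the sample records are all assumptions.

```python
"""Hypothetical PII inventory helper. Illustration only, not code from the slides."""
from datetime import date
from typing import Dict, List, Optional, Tuple

# Field classification following the slides' examples of sensitive vs non-sensitive PII.
SENSITIVE = {"full_name", "ssn", "drivers_license", "bank_account", "credit_card", "medical_record"}
NON_SENSITIVE = {"zip_code", "race", "gender", "date_of_birth", "email"}

# Assumed retention rule: records of employees gone more than a year may be deleted.
EMPLOYEE_RETENTION_DAYS = 365


def classify_record(record: dict) -> str:
    """Step 5: 'sensitive', 'non-sensitive' or 'none' by the most sensitive PII field present."""
    populated = {key for key, value in record.items() if value not in (None, "")}
    if populated & SENSITIVE:
        return "sensitive"
    if populated & NON_SENSITIVE:
        return "non-sensitive"
    return "none"


def deletion_reason(record: dict, today: date) -> Optional[str]:
    """Step 4: why the record can be deleted, or None if it must be kept."""
    if record.get("deletion_requested"):
        return "subject requested deletion"
    if record.get("kind") == "customer" and record.get("relationship_ended"):
        return "customer relationship ended"
    if record.get("kind") == "employee" and record.get("left_on"):
        if (today - record["left_on"]).days > EMPLOYEE_RETENTION_DAYS:
            return "former employee beyond retention period"
    return None


def inventory(records: List[dict], today: date) -> Tuple[Dict[str, Dict[str, int]], List[Tuple[str, str, str]]]:
    """Step 1: count records per data store by sensitivity and list deletion candidates."""
    summary: Dict[str, Dict[str, int]] = {}
    candidates: List[Tuple[str, str, str]] = []
    for rec in records:
        store = rec["store"]
        level = classify_record(rec)
        summary.setdefault(store, {"sensitive": 0, "non-sensitive": 0, "none": 0})[level] += 1
        reason = deletion_reason(rec, today)
        if reason and level != "none":  # only records that actually hold PII matter here
            candidates.append((rec["id"], store, reason))
    return summary, candidates


# Constructed sample records; every value is fictitious.
SAMPLE_RECORDS = [
    {"id": "c1", "store": "crm", "kind": "customer", "full_name": "A. Example",
     "credit_card": "4111-xxxx", "relationship_ended": True},
    {"id": "c2", "store": "newsletter", "kind": "customer", "email": "b@example.test",
     "zip_code": "00000"},
    {"id": "e1", "store": "hr", "kind": "employee", "full_name": "C. Example",
     "ssn": "000-00-0000", "left_on": date(2021, 3, 1)},
    {"id": "e2", "store": "hr", "kind": "employee", "full_name": "D. Example",
     "left_on": date(2023, 9, 1)},
    {"id": "c3", "store": "crm", "kind": "customer", "email": "e@example.test",
     "deletion_requested": True},
    {"id": "x1", "store": "crm", "kind": "customer", "order_total": "19.99"},
]

if __name__ == "__main__":
    by_store, to_delete = inventory(SAMPLE_RECORDS, date(2024, 1, 1))
    for store, counts in by_store.items():
        print(store, counts)
    for rec_id, store, reason in to_delete:
        print(f"delete {rec_id} in {store}: {reason}")
```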
Additional Reading and Resources - Incident Response
• NIST History: https://www.nist.gov/history#:~:text=The%20National%20Institute%20of%20Standards,nation's%20oldest%20physical%20science%20laboratories.
• NIST 800-53 Explained: https://www.cybersaint.io/blog/what-is-nist-800-53
• NIST SP 800-53 Rev. 5 - Security and Privacy Controls for Information Systems and Organizations: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
• NIST SP 800-61 Rev. 2 - Computer Security Incident Handling Guide: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
• ISO 27001 framework: What it is and how to comply: https://resources.infosecinstitute.com/topic/iso-27001-framework-what-it-is-and-how-to-comply/#:~:text=ISO%2027001%20is%20a%20standards%20framework%20that%20provides%20best%20practices,and%20get%20ISO%2027001%20certified.
Additional Reading and Resources - PII
• PII Defined (NIST): https://csrc.nist.gov/glossary/term/PII
• Guidance on the Protection of Personal Identifiable Information: https://www.dol.gov/general/ppii#:~:text=Personal%20Identifiable%20Information%20(PII)%20is,either%20direct%20or%20indirect%20means.
• What is SOC 2 and How do You Attain SOC 2 Compliance?: https://www.imperva.com/learn/data-security/soc-2-compliance/
Questions and Answers
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Cyber Families - Incident Response.pptx

1. Cybersecurity Families and Controls
Part 1 – History, Overview and Incident Response
AND
Part 2 – What is PII and How Do You Protect it?
3. Cybersecurity Standards and Frameworks

Is There a Cybersecurity Standard?
Yes!! The International Standards Organizations (ISO) established ISO 27001/27002 and it is the internationally recognized standard for cybersecurity. It assumes that an organization adopting ISO 27001 will have an Information Security Management System (ISMS). ISO/IEC 27001 requires that management systematically manage the organization's information security risks, taking threats and vulnerabilities into account.

What is the Origin of ISO 27001?
ISO 27000 came out of the BS (British Standard) 7799, originally published in 1995 in three parts. The first part of BS 7799, dealing with the best practices of information security, was incorporated in ISO 17799 and made part of the ISO 27000 series in 2000.
4. Cybersecurity Standards and Frameworks

What is a Cybersecurity "Framework"?
Cybersecurity frameworks are sets of documents describing guidelines, standards, and best practices designed for cyber security risk management. The frameworks exist to reduce an organization's exposure to weaknesses and vulnerabilities that hackers and other cyber criminals may exploit.

What is the Difference Between a Cybersecurity Standard and a Framework?
A cybersecurity standard is a set of guidelines or best practices that organizations can use to improve their cybersecurity posture. Organizations can use cybersecurity standards to help them identify and implement appropriate measures to protect their systems and data from cyber threats. Standards can also provide guidance on how to respond to and recover from cybersecurity incidents. These are generally not voluntary and must be followed for compliance.

A cybersecurity framework is a system of standards, guidelines, and best practices to manage risks that arise in the digital world. They typically match security objectives, like avoiding unauthorized system access, with controls like requiring a username and password. Cybersecurity frameworks are often mandatory, or at least strongly encouraged, for companies that want to comply with state, industry, and international cybersecurity regulations.
5. Cybersecurity Standards and Frameworks

How Many Different Cybersecurity Frameworks are There?
Cybersecurity frameworks provide a set of best practices for determining risk tolerance and setting controls. Knowing which one is best for your organization can be difficult. In fact, many regulations cross-reference more than one standard or framework. There are at least 20 security frameworks out there designed to help cyber professionals create robust cybersecurity compliance programs.

What is Considered the Go To or Most Used Cybersecurity Framework?
Among the most widely used cybersecurity frameworks is NIST publication 800-53, a set of controls intended to help organizations meet the requirements of the Federal Information Security Modernization Act (FISMA), which is mandatory for federal agencies and organizations that are part of their supply chain such as defense contractors. It is considered the cybersecurity gold standard among federal agencies. It is also widely used among both Private (for profit) and Public (government) entities.
6. Who or What is NIST?
7. Cybersecurity Standards and Frameworks - NIST

Who or What is NIST?
The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness.

What is NIST Publication 800-53 and What is the Purpose of the Document?
NIST 800-53 is a cybersecurity standard and compliance framework developed by the National Institute of Standards and Technology. It is a continuously updated framework that tries to flexibly define standards, controls, and assessments based on risk, cost-effectiveness, and capabilities. The NIST 800-53 framework is designed to provide a foundation of guiding elements, strategies, systems, and controls that can agnostically support any organization's cybersecurity needs and priorities.
8. What are Cybersecurity Controls and What are Control "Families"?

What are Cybersecurity Controls?
Cybersecurity controls are mechanisms used to prevent, detect and mitigate cyber threats and attacks. The cybersecurity controls outlined in NIST Special Publication 800-53 provide all agencies who utilize the cybersecurity framework the recommended security and privacy controls to protect against potential security issues and cyber attacks.

What are Cybersecurity Control "Families"?
Security control families are collections of security controls all related to the same broad subject: physical access controls, awareness and training, incident response, and so forth. The precise number of controls within each family can vary, but each one will relate back to the control family's basic focus.
9. How Many Control Families are There in NIST 800-53?

AC – Access Control: The AC Control Family consists of security requirements detailing system logging. This includes who has access to what assets and reporting capabilities like account management, system privileges, and remote access logging to determine when users have access to the system and their level of access.

AT – Awareness and Training: The control sets in the AT Control Family are specific to your security training and procedures, including security training records. A particular focus is improving awareness of different operational risks and threats to privacy or system security.

AU – Audit and Accountability: The AU control family consists of security controls related to an organization's audit capabilities. This includes audit policies and procedures, audit logging, audit report generation, and protection of audit information.

CA – Assessment, Authorization and Monitoring: The Continuous Assessment, Authorization and Monitoring family focuses on the continuous monitoring and improvement of security and privacy controls. It covers the creation of an assessment plan and the delegation of the team to carry out control assessment.
10. How Many Control Families are There in NIST 800-53?

CM – Configuration Management: CM controls are specific to an organization's configuration management policies. This includes a baseline configuration to operate as the basis for future builds or changes to information systems. Additionally, this includes information system component inventories and a security impact analysis control.

CP – Contingency Planning: The CP control family includes controls specific to an organization's contingency plan if a cybersecurity event should occur. This includes controls like contingency plan testing, updating, training, and backups, and system reconstitution.

IA – Identification and Authentication: IA controls are specific to the identification and authentication policies in an organization. This includes the identification and authentication of organizational and non-organizational users and how those identities and systems are managed.

IR – Incident Response: Controls for incident response are customized to an organization's rules and processes. This area may include incident response training, testing, monitoring, reporting, and a response strategy.
11. How Many Control Families are There in NIST 800-53?

MA – Maintenance: Revision five of NIST 800-53 outlines standards for maintaining systems and tools.

MP – Media Protection: Access, marking, storage, transit policies, sanitization, and defined organizational media use are all covered by the media protection control family.

PE – Physical and Environmental Protection: Physical and environmental protection is a control family used to safeguard systems, buildings, and supporting infrastructure from physical dangers. Physical access authorizations, monitoring, visitor records, emergency shutoff, electricity, lighting, fire protection, and water damage prevention are all examples of these controls.

PL – Planning: Security planning policies address the goal, scope, roles, duties, management commitment, and coordination among entities for organizational compliance.

PM – Program Management: The PM control family applies to your cybersecurity program. It includes a critical infrastructure plan, information security program plan, a plan of action milestones and processes, a risk management strategy, and enterprise architecture.
12. How Many Control Families are There in NIST 800-53?

PS – Personnel Security: Standards around personnel screening, termination, transfers, sanctions, and access agreements are all examples of PS controls to protect employees.

PT – Personally Identifiable Information (PII) Processing and Transparency: The PII Processing and Transparency family of controls helps to safeguard sensitive data, focusing on consent and privacy. Organizations can lower the risk of data breaches by properly managing personally identifiable information.

RA – Risk Assessment: The RA control family covers an organization's risk assessment policies and vulnerability scanning capabilities.

SA – System and Services Acquisition: The System and Services Acquisition family of controls includes the allocation of resources and the creation of system development life cycles. Controls help organizations create a safe acquisition process for new systems and devices, safeguarding the integrity of the wider system and data.
13. How Many Control Families are There in NIST 800-53?

SC – System and Communications Protection: The System and Communications Protection family of controls covers the protection of system boundaries and the safe management of collaborative devices. Controls provide in-depth guidance on set-up and ongoing management of systems, including access, partitions, and usage restrictions.

SI – System and Information Integrity: The System and Information Integrity family of controls focuses on maintaining the integrity of the information system. Controls cover topics like protection from malicious code and spam, and procedures for ongoing system-wide monitoring.

SR – Supply Chain Risk Management: The Supply Chain Risk Management family of controls covers policies and procedures to counter risks in the supply chain. This includes processes to assess and manage suppliers, and the inspection of supply chain systems and components.
14. Incident Response – What is it and Why is Having an IR Plan so Important?

What is meant by Incident Response (IR)?
NIST defines Incident Response this way: "The mitigation of violations of security policies and recommended practices." A very large cybersecurity company defines IR as: "…a set of information security policies and procedures that you can use to identify, contain, and eliminate cyberattacks." It also states that the goal of incident response is "…to enable an organization to quickly detect and halt attacks, minimizing damage and preventing future attacks of the same type."

Why is Having an IR Plan so Important?
Incident response planning is important because it outlines how to minimize the duration and damage of security incidents, identifies stakeholders, streamlines digital forensics, improves recovery time, and reduces negative publicity and customer churn.
15. Incident Response – Goals

What are the Goals of Cyber Incident Response?
NIST states the goals of Cyber IR are to: "Develop and implement appropriate activities to take action regarding a detected cybersecurity incident." An esteemed and well-known University states the goals of Cyber IR are: "to contain the scope of an incident and reduce the risk to institutional systems and data and to return affected systems and data back to an operational state as quickly as possible."

What are the Goals of Cyber Incident Response?
The NIST incident response lifecycle breaks incident response down into four main phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Event Activity.
17. Incident Response – Preparation

The initial phase involves establishing and training an incident response team, and acquiring the necessary tools and resources. During preparation, the organization also attempts to limit the number of incidents that will occur by selecting and implementing a set of controls based on the results of risk assessments. Incident response methodologies typically emphasize preparation—not only establishing an incident response capability so that the organization is ready to respond to incidents, but also preventing incidents by ensuring that systems, networks, and applications are sufficiently secure.
18. Incident Response – Detection & Analysis

In this phase, cybersecurity teams detect the occurrence of an issue and decide whether or not it is actually an incident so that their organization can respond to it appropriately. The main purposes of this phase are to determine whether the incident is really occurring and analyze its nature. These might not be easy tasks. NIST SP 800-61 lists the steps of the "Detection and Analysis" phase:
1) Noticing signs of an incident (called "precursors" and "indicators")
2) Analyzing these signs
3) Documenting the incident
4) Prioritizing incidents
5) Incident notification

At this stage of the incident response lifecycle, the incident response team should not yet try to eradicate the incident. It is very important not to start eradication activities without proper incident analysis.
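The five Detection & Analysis steps above, run over a few constructed log lines, as an added example that is not from the slides or from NIST SP 800-61: the log format, the sign rules, the asset criticality table and the notification lists are assumptions made for illustration.

```python
"""Detection & Analysis triage over constructed log lines (added example).

Walks the five SP 800-61 steps: notice signs (precursors vs indicators),
analyze them against simple rules, document each as an incident record,
prioritize, and pick who to notify. Nothing here performs eradication:
that belongs to the next phase, after analysis is complete.
"""
import re
from dataclasses import dataclass

# Constructed sample log lines: "<timestamp> <host> <source>: <message>".
SAMPLE_LOGS = """\
2024-05-02T08:01:10Z fw01 firewall: port sweep from 203.0.113.7 against 10.0.0.0/24
2024-05-02T08:15:42Z app01 threat-intel: advisory received for the web framework on this host
2024-05-02T09:03:00Z WS-117 antivirus: malware detected in report.docx.exe
2024-05-02T09:04:11Z auth01 sshd: 40 failed logins for admin from 198.51.100.9 then success
2024-05-02T09:05:00Z app01 webapp: GET /index.html 200
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<source>[\w-]+): (?P<msg>.*)$")

# Sign rules (assumption). SP 800-61's terms: a precursor is a sign that an
# incident MAY occur in the future; an indicator is a sign that one MAY have
# occurred or be occurring now.
SIGN_RULES = [
    (re.compile(r"port sweep", re.I), ("precursor", "reconnaissance against our address space")),
    (re.compile(r"advisory received", re.I), ("precursor", "new vulnerability affecting a system we run")),
    (re.compile(r"malware detected", re.I), ("indicator", "antivirus alert on an endpoint")),
    (re.compile(r"failed logins .* then success", re.I), ("indicator", "brute force followed by a successful login")),
]

# Asset criticality (assumption): a stand-in for the functional-impact rating.
ASSET_CRITICALITY = {"auth01": "high", "fw01": "high", "app01": "medium", "WS-117": "low"}


@dataclass
class IncidentRecord:
    """Step 3: the documentation kept for each sign that survives analysis."""
    timestamp: str
    host: str
    kind: str        # "precursor" or "indicator"
    summary: str
    evidence: str    # the raw log line, preserved for forensics
    priority: str    # "high", "medium" or "low"
    notify: list     # who is told, per step 5


def parse_line(line):
    """Step 1 helper: split one log line into its fields."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognized log line: {line!r}")
    return m.groupdict()


def classify(message):
    """Step 2: decide whether a message is a precursor, an indicator, or neither."""
    for pattern, (kind, label) in SIGN_RULES:
        if pattern.search(message):
            return kind, label
    return None


def prioritize(kind, host):
    """Step 4: indicators outrank precursors; critical assets raise the priority."""
    crit = ASSET_CRITICALITY.get(host, "low")
    if kind == "indicator":
        return "high" if crit == "high" else "medium"
    return "medium" if crit == "high" else "low"


def notify_targets(priority):
    """Step 5: the SOC always hears; high priority also reaches the commander and management."""
    targets = ["soc-oncall"]
    if priority == "high":
        targets += ["incident-commander", "it-management"]
    return targets


def triage(log_text):
    """Run all five steps over a block of log text; most urgent record first."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        sign = classify(ev["msg"])
        if sign is None:
            continue  # routine activity, not a sign of an incident
        kind, label = sign
        priority = prioritize(kind, ev["host"])
        records.append(IncidentRecord(ev["ts"], ev["host"], kind, label, line,
                                      priority, notify_targets(priority)))
    order = {"high": 0, "medium": 1, "low": 2}
    records.sort(key=lambda r: order[r.priority])  # stable: ties keep log order
    return records


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOGS):
        print(rec.priority.upper(), rec.kind, rec.host, rec.summary, "->", rec.notify)
```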
19. Incident Response – Containment, Eradication, and Recovery

This is the main phase of security incident response, in which the responders take action to stop any further damage. This phase encompasses three steps:
1) Containment. In this step, all possible methods are used to prevent the spread of malware or viruses. Actions might include disconnecting systems from networks, quarantining infected systems, or blocking traffic to and from known malicious IP addresses.
2) Eradication. After containing the security issue in question, the malicious code or software needs to be eradicated from the environment. This might involve using antivirus tools or manual removal techniques. It will also include ensuring that all security software is up to date in order to prevent any future incidents.
3) Recovery. After eliminating the malware, restoring all systems to their pre-incident state is essential. This might involve restoring data from backups, rebuilding infected systems, and re-enabling disabled accounts.
20. Incident Response – Post Incident Activity

The final phase of the incident response life cycle is to perform a postmortem of the entire incident. Learning and improving after an incident is one of the most important parts of incident response and the most often ignored. In this phase the incident and incident response efforts are analyzed. The goals here are to limit the chances of the incident happening again and to identify ways of improving future incident response activity. Performing this analysis helps the organization understand how the incident took place and what it can do to prevent such incidents from happening in the future. The lessons learned during this phase can improve the organization's incident security protocols and make its security strategy more robust and effective.
21. Tips for Creating a Realistic and Effective Incident Response Plan

1) Identify and train incident handlers BEFORE there is a security breach. Ensure that all employees know their responsibilities when an event occurs. These responsibilities may vary, but they will likely cover things like when to report an issue, who to contact, and what tools to immediately deploy in the event of a breach.
2) Create effective communication channels across teams, ensuring that each person reports to their assigned contact. This helps ensure quick detection and recovery from any incidents in real time without losing valuable information or data.
3) Maintain logs for each system and update them regularly, leaving no gaps in the data. Such logs can be useful in identifying the source of a security breach, may prevent a breach from spreading throughout your network, and help prevent similar events in the future.
4) Regularly test the incident response plan to keep it up to date with any changes made to security policies or new technologies introduced to the organization's infrastructure. This step is VERY IMPORTANT, and most entities do not practice their IR plans.
22. Personally Identifiable Information (PII) – What is it and How Do You Protect it?

NIST defines PII as: "…information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual."

Examples of PII: Sensitive personally identifiable information can include your full name, Social Security Number, driver's license, financial information, and medical records. Non-sensitive personally identifiable information is easily accessible from public sources and can include your zip code, race, gender, and date of birth. Passports contain personally identifiable information. Social media sites may be considered non-sensitive personally identifiable information.
23. Personally Identifiable Information (PII) – What is it and How Do You Protect it?

Every organization stores and uses personally identifiable information (PII), whether on its employees or customers. As enterprises collect, process, and store PII, they also inherit responsibility for protecting it. Doing so ensures the integrity of individuals' identities while protecting your company's reputation.

PII can be compromised in a variety of ways. Digital files can be hacked and accessed by criminals, while physical files can be exposed to threats if not properly secured. Without safeguards and a PII protection policy, organizations and their customers are at risk of identity theft. In 2020, identity theft was the most common consequence of a data breach, occurring 65% of the time.
24. Personally Identifiable Information (PII) – What is it and How Do You Protect it?

1) Identify What PII You Collect and Where It Is Stored
Begin by performing an inventory of what personally identifiable information you're collecting and where it's being stored. You'll need to examine whether you're collecting data correctly and if the storage method contains adequate security measures.

2) Identify What Compliance Regulations You Must Follow
Depending on your industry, you may be subject to legal compliance requirements. These are laws that govern how you collect, handle, store, and transmit certain types of sensitive information. These may vary based on where or who your customers are, rather than your industry or business location. Some common compliance mandates include:
• Health Insurance Portability and Accountability Act (HIPAA)
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
25. Personally Identifiable Information (PII) – What is it and How Do You Protect it?

3) Perform a Personally Identifiable Information Risk Assessment
A risk assessment will help you identify possible vulnerabilities or weak points in your security strategy before criminals do. You should identify:
• What PII is regulated and what actions you're taking to ensure compliance.
• What unregulated PII poses risks to reputation, competition, security, etc.
• Possible sources of threats from most to least likely.
• Possible risk management strategies, including control procedures and safeguards that you can implement.
26. Personally Identifiable Information (PII) – What is it and How Do You Protect it?

4) Securely Delete Personally Identifiable Information That's Not Necessary to Business
Are you holding onto PII that you no longer need? While you might think it's best to hoard as much data as you can, PII can be a security risk when it hangs around forgotten. Comb through your organization and identify information that can be deleted. This includes:
• Customers who have moved away, died, or ended the relationship.
• Records of employees who left the company more than a year ago.
• PII located on disused devices or in abandoned accounts.
• Instances where individuals have requested that you delete their information.
PII accumulates over time, so "cleaning house" can reduce your storage costs as well as your risk.
27. Personally Identifiable Information (PII) – What is it and How Do You Protect it?

5) Classify PII by Confidentiality and Privacy Impacts
Not all PII is of the same level of sensitivity. For example, email lists must still be protected, but they have a much lower level of confidentiality than customer records containing credit card numbers. By classifying data according to confidentiality and the impact if its privacy is compromised, you can gain a sense of what your security program needs.

6) Review and Update Safeguards That Protect Personally Identifiable Information
Review your overall security program to see what safeguards you need to update. Likewise, make sure you're using up-to-date tools and solutions to protect PII. This includes your:
• Email service
• Antivirus and anti-malware tools
• Customer management tools
• Information security management software
28. Personally Identifiable Information (PII) – What is it and How Do You Protect it?

7) Update Your Security Policies
With the rollout of enhanced data privacy laws, your policies may need a review. Take a moment to review the foundation for protecting PII: your internal security policies. Policies that include best-practice security controls, from trusted frameworks like SOC 2 or CIS, help ensure that the information you store and process stays safe. These policies also create a structure for your employee awareness training around the collection, storage, encryption, de-identification, and deletion of PII.

Keep Your Data Protected No Matter What!!
Protecting PII should be central to your information security program. Your customers expect you to protect their PII no matter what. With these seven steps, you can build a solid security strategy that meets or exceeds their expectations.
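Steps 1, 4, 5 and 6 of the seven steps above (inventory, secure deletion, classification by sensitivity, safeguard review) carried out over a constructed set of data stores and records, as an added example that is not from the slides: the store names, field names, record layout, the encryption flag used as the "safeguard" and the dates are assumptions; the sensitivity tiers and the retention rules are the ones the slides list.

```python
"""PII inventory, classification and retention review (added example).

Sensitivity tiers follow slide 22 (SSN, driver's license, financial and
medical data are sensitive; zip code, race, gender, date of birth are not;
email is treated as non-sensitive following slide 27's email-list remark).
Deletion rules follow slide 26. Stores, fields and records are constructed.
"""
from datetime import date, timedelta

SENSITIVE_FIELDS = {"full_name", "ssn", "drivers_license", "bank_account", "medical_record"}
NON_SENSITIVE_FIELDS = {"zip", "race", "gender", "date_of_birth", "email"}

# Step 1: constructed inventory of where PII lives and how it is protected.
# "encrypted" stands in for "adequate security measures"; "disused" marks a
# device or account nobody uses any more (slide 26's third bullet).
STORES = {
    "crm.customers":     {"fields": {"full_name", "email", "zip", "bank_account"}, "encrypted": True, "disused": False},
    "hr.employees":      {"fields": {"full_name", "ssn", "date_of_birth", "medical_record"}, "encrypted": False, "disused": False},
    "marketing.list":    {"fields": {"email", "zip"}, "encrypted": False, "disused": False},
    "old-laptop.backup": {"fields": {"full_name", "ssn"}, "encrypted": False, "disused": True},
}

# Constructed records: each points at its store and carries the facts the
# retention rules need (status, departure date, deletion request).
RECORDS = [
    {"store": "hr.employees", "id": "E-1", "status": "terminated", "left_on": date(2021, 3, 1)},
    {"store": "hr.employees", "id": "E-2", "status": "active", "left_on": None},
    {"store": "hr.employees", "id": "E-3", "status": "terminated", "left_on": date(2024, 1, 15)},
    {"store": "crm.customers", "id": "C-1", "status": "ended", "deletion_requested": False},
    {"store": "crm.customers", "id": "C-2", "status": "active", "deletion_requested": True},
    {"store": "crm.customers", "id": "C-3", "status": "active", "deletion_requested": False},
    {"store": "old-laptop.backup", "id": "L-1", "status": "terminated", "left_on": None},
]


def classify_store(name):
    """Step 5: the highest sensitivity tier of any field the store holds."""
    fields = STORES[name]["fields"]
    if fields & SENSITIVE_FIELDS:
        return "sensitive"
    if fields & NON_SENSITIVE_FIELDS:
        return "non-sensitive"
    return "no-pii"


def inventory():
    """Steps 1 and 5 together: store -> (tier, encrypted?)."""
    return {name: (classify_store(name), STORES[name]["encrypted"]) for name in STORES}


def safeguard_gaps():
    """Step 6: sensitive PII held without the safeguard is a gap to fix first."""
    return sorted(name for name, (tier, enc) in inventory().items()
                  if tier == "sensitive" and not enc)


def deletion_candidates(records, today):
    """Step 4: apply slide 26's rules; returns (record id, reason) pairs."""
    one_year = timedelta(days=365)
    out = []
    for r in records:
        if STORES[r["store"]]["disused"]:
            out.append((r["id"], "PII on a disused device or abandoned account"))
        elif r.get("deletion_requested"):
            out.append((r["id"], "individual requested deletion"))
        elif r["status"] in ("ended", "moved", "deceased"):
            out.append((r["id"], "customer moved away, died or ended the relationship"))
        elif r["status"] == "terminated" and r.get("left_on") and today - r["left_on"] > one_year:
            out.append((r["id"], "former employee who left more than a year ago"))
    return out


if __name__ == "__main__":
    for store, (tier, enc) in inventory().items():
        print(f"{store:20s} {tier:14s} encrypted={enc}")
    print("safeguard gaps:", safeguard_gaps())
    for rec_id, reason in deletion_candidates(RECORDS, date(2024, 5, 2)):
        print("delete", rec_id, "-", reason)
```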
29. Additional Reading and Resources - Incident Response

• NIST History: https://www.nist.gov/history#:~:text=The%20National%20Institute%20of%20Standards,nation's%20oldest%20physical%20science%20laboratories.
• NIST 800-53 Explained: https://www.cybersaint.io/blog/what-is-nist-800-53
• NIST SP 800-53 Rev. 5 - Security and Privacy Controls for Information Systems and Organizations: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
• NIST SP 800-61 Rev. 2 - Computer Security Incident Handling Guide: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
• ISO 27001 framework: What it is and how to comply: https://resources.infosecinstitute.com/topic/iso-27001-framework-what-it-is-and-how-to-comply/#:~:text=ISO%2027001%20is%20a%20standards%20framework%20that%20provides%20best%20practices,and%20get%20ISO%2027001%20certified.
30. Additional Reading and Resources - PII

• PII Defined (NIST): https://csrc.nist.gov/glossary/term/PII
• Guidance on the Protection of Personal Identifiable Information: https://www.dol.gov/general/ppii#:~:text=Personal%20Identifiable%20Information%20(PII)%20is,either%20direct%20or%20indirect%20means.
• What is SOC 2 and How do You Attain SOC 2 Compliance?: https://www.imperva.com/learn/data-security/soc-2-compliance/