Ponemon Report: Cyber Security Incident Response: Are we as prepared as we think?

Learn about the key mistakes organizations are making when it comes to incident response, presented by the chairman and founder of the Ponemon Institute, Dr. Larry Ponemon, and Lancope’s director of security research, Tom Cross. Then learn about how the right mix of people, processes and technology can dramatically improve your incident response efforts and elevate the importance of the CSIRT within your organization.

  1. Cyber Security Incident Response: Are we as prepared as we think?
  2. Lancope: The Market Leader in Network Visibility
     Technology Leadership
     • Powerful threat intelligence
     • Patented behavioral analysis
     • Scalable monitoring up to 3M flows per second
     • 150+ algorithms
     Best of Breed
     • 650 Enterprise Clients
     • Key to Cisco’s Cyber Threat Defense
     • Gartner recommended
     • NBA market leader
     • Flow-based monitoring
     © 2013 Lancope, Inc. All rights reserved.
  3. About Ponemon Institute
     • The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.
     • The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.
     • Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as CASRO’s chairman of the Government & Public Affairs Committee of the Board.
     • The Institute has assembled more than 60 leading multinational corporations, called the RIM Council, which focuses on the development and execution of ethical principles for the collection and use of personal data about people and households.
     • The majority of active participants are privacy or information security leaders.
  4. About our sample
     A scientific sampling frame of 20,446 experienced IT and IT security practitioners located in all regions of the United States and United Kingdom was selected to participate in this survey. To ensure knowledgeable responses, all participants in this research have some level of familiarity and involvement with their organization’s CSIRT activities. Seven hundred and ninety-three respondents completed the survey. Screening and reliability checks removed 119 surveys. The final sample was 674 surveys (or a 3.3 percent response rate). The US sample contained 357 and the UK sample contained 317 qualified respondents, respectively.

     | Sample response               | Freq   | Pct% |
     |-------------------------------|--------|------|
     | Sampling frame                | 20,446 | 100% |
     | Total returns                 | 793    | 3.9% |
     | Rejected and screened surveys | 119    | 0.6% |
     | Final sample                  | 674    | 3.3% |
  5. What is your job title?
  6. Organization Size and Industry
  7. Salient Findings
     • Investment is critical for effective cyber incident response programs.
     • CSIRTs are ill-prepared to respond to cyber threats.
     • Management is largely unaware of cyber security threats.
     • Metrics can help determine CSIRT effectiveness.
     • Network audit trails are the most effective tool for incident response.
  8. Do you anticipate a material security breach in the future?
  9. How can your organization most effectively mitigate future security breaches?
  10. Do you have a fully functional CSIRT?
  11. What percentage of your security budget is spent on incident response preparedness?
  12. How many employees are dedicated to incident response? (Panels: Full Time, Part Time)
  13. How much experience do your incident responders have?
  14. Do you use third party consultants?
  15. How frequently do you assess the readiness of your Incident Response team?
  16. Do you have a PR and Analyst Relations plan in place in the event of a breach?
  17. Do you have a multi disciplinary insider threat management program?
  18. Are you sharing threat intelligence?
  19. Frequency of Cyber Threat Briefings?
  20. Does your organization use metrics to measure incident response effectiveness?
  21. How long does incident response take?
  22. What are the most effective tools for detecting security breaches?
  23. Recommendations
     • Build an incident response team consisting of experienced, full-time members
     • Assess the readiness of incident response team on an ongoing basis
     • Provide clearly defined rules of engagement for the incident response team
     • Involve multi-disciplinary areas of the organization in the incident response process
     • Invest in technologies that support the collection of information to identify potential threats
     • Use meaningful operational metrics to gauge the overall effectiveness of incident response
       – Translate the results of these measures into user-friendly business communications
       – Consider sharing threat indicators with third-party organizations to foster collaboration
  24. Get your FREE copy of this report at: http://www.lancope.com/ponemon-incident-response/
  25. Thank You
     Tom Cross, Director of Security Research, StealthWatch Labs
     Larry Ponemon, Chairman and Founder, Ponemon Institute
     http://www.lancope.com
     @Lancope (company)
     @netflowninjas (company blog)
     https://www.facebook.com/Lancope
     http://www.linkedin.com/groups/NetFlow-Ninjas-2261596/about
     https://plus.google.com/u/0/103996520487697388791/posts
     http://feeds.feedburner.com/NetflowNinjas
