
INCIDENT HANDLING IN ORGANISATIONS


In this presentation we look at how organisations conduct incident handling, with a focus on how it applies to businesses in Mauritius.

  1. Incident Handling in Organisations. Dr. Kaleem Usmani, Head of CERT-MU
  2. Top Cybersecurity Facts 2018 (Source: CSO from IDG)
     • Cyber crime damage costs to hit $6 trillion annually by 2021
     • Cybersecurity spending to exceed $1 trillion by 2021
     • Human attack surface to reach 6 billion people by 2022
     • Cybersecurity Ventures expects ransomware damage costs to rise to $11.5 billion in 2019, with a business falling victim to a ransomware attack every 14 seconds by that time
  3. Incident Types (targets and threats seen in practice)
     • Nuclear power plants, steel plants, solar power, power grids
     • ATM account thefts, payment card accounts, stock exchanges, financial companies
     • Theft of email addresses and passwords
     • Attacks on government sites (website defacement)
     • The world's most trusted news organisations
     • Zero-day threats
     • Advanced Persistent Threats
     • Ransomware
  4. Incident Handling Framework
     • Layer 1, Preparation: Incident Response Team; Risk Assessment; Compliance; Crisis Management Plan; Technology / Security Tools
     • Layer 2, Identification: Verification; Triage; Decision Making
     • Layer 3, Response: Analysis; Containment; Business Continuity; Eradication; Recovery
     • Layer 4, Review: Assessment of Incident; Legal Aspects; Documentation; Improvement
  5. Incident Handling Cycle (flowchart, read layer by layer)
     • Layer 1, Preparation (Phase 1: Planning and Organisation): create Incident Response Team; training; incident management strategy; risk assessment; compliance; crisis management plan; security tools.
     • Layer 2, Identification: incident is detected → triage → is the incident valid? No: handling ends. Yes: decision making, then response.
     • Layer 3, Response: analysis of incident → choose containment strategy → containment and business continuity → is the containment strategy too time consuming, or can the incident not be contained? Yes: crisis management plan. No: eradication → recovery → all data is stored → review.
     • Layer 4, Review: assessment → legal aspects → prosecution? Yes: legal procedures. No: documentation → improvement.
  6. Incident Handling Procedures in Organisations: General Procedure
     • Log the incident
     • Inform the appropriate people
     • Release of information
     • Follow-up analysis
  7. Incident Handling Procedures in Organisations: Incident-Specific Procedure (virus family)
     • Isolate the system
     • Log all actions
     • Notify appropriate people
     • Identify the problem
     • Contain the virus (family…)
     • Inoculate the system
     • Return to a normal operating mode
     • Follow-up analysis
  8. Incident Handling Procedures in Organisations: Incident-Specific Procedure (hacking)
     • Identify the problem
     • Notify appropriate people
     • Identify the hacker/cracker
     • Log all actions
     • Notify CERT
     • Follow-up
  9. Incident Handling Procedures in Organisations: Reporting Channels (how it works in the country)
     • CERT
     • Law Enforcement
     • DPP's Office (Director of Public Prosecutions)
     • ISPs
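The decision flow of slide 5 and the per-incident procedures of slides 6 to 8, written out as a small state machine so the branches (invalid incident ends handling; containment that is too slow or fails escalates to the crisis management plan; prosecution diverts review into legal procedures) can be exercised. This is an added example, not code from the presentation or from CERT-MU; the incident records, the known-benign indicator list, the isolate_host stub and the max_steps containment budget are constructed assumptions.

```python
"""Incident-handling cycle of slides 5 to 8 as a small, testable state machine.

Added example, not the deck's or CERT-MU's code. Incident records, the
known-benign list, isolate_host and max_steps are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Dict, List, Set

# Slide 7 (virus) notifies the appropriate people; slide 8 (hacking) also notifies the CERT.
NOTIFY: Dict[str, List[str]] = {
    "virus": ["appropriate people"],
    "hacking": ["appropriate people", "CERT"],
}


@dataclass
class Incident:
    incident_id: str
    category: str                  # "virus" or "hacking"
    affected_hosts: List[str]
    indicators: List[str]          # evidence that triage must verify
    status: str = "DETECTED"
    actions: List[str] = field(default_factory=list)  # "log all actions"

    def log(self, layer: str, message: str) -> None:
        """Timestamped, append-only record consumed by the Review layer."""
        ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.actions.append(f"{ts} [{layer}] {message}")


def triage(inc: Incident, known_benign: Set[str]) -> bool:
    """Layer 2: valid only if at least one indicator survives the known-benign list."""
    confirmed = [i for i in inc.indicators if i not in known_benign]
    inc.log("IDENTIFICATION",
            f"triage: {len(confirmed)}/{len(inc.indicators)} indicators confirmed")
    return bool(confirmed)


def contain(inc: Incident, isolate_host: Callable[[str], bool], max_steps: int) -> bool:
    """Layer 3: False on the slide 5 decision 'too time consuming or cannot be
    contained': more hosts than the budget (constructed proxy for time) or a
    host that refuses isolation."""
    if len(inc.affected_hosts) > max_steps:
        inc.log("RESPONSE", "containment too time consuming for the available window")
        return False
    for host in inc.affected_hosts:
        ok = isolate_host(host)
        inc.log("RESPONSE", f"isolate {host}: {'done' if ok else 'FAILED'}")
        if not ok:
            return False
    return True


def handle_incident(inc: Incident, known_benign: Set[str],
                    isolate_host: Callable[[str], bool],
                    max_steps: int = 10, prosecution: bool = False) -> str:
    """Run the cycle end to end and return the terminal status."""
    inc.status = "TRIAGE"
    if not triage(inc, known_benign):
        inc.status = "CLOSED_INVALID"
        inc.log("IDENTIFICATION", "not a valid incident; handling ends")
        return inc.status
    for target in NOTIFY.get(inc.category, ["appropriate people"]):
        inc.log("IDENTIFICATION", f"notify {target}")
    inc.log("RESPONSE", "analysis of incident")
    if not contain(inc, isolate_host, max_steps):
        inc.status = "CRISIS_MANAGEMENT"
        inc.log("RESPONSE", "invoke crisis management plan")
        return inc.status
    inc.log("RESPONSE", "eradication")
    inc.log("RESPONSE", "recovery; all data is stored")
    inc.log("REVIEW", "assessment of incident")
    if prosecution:
        inc.status = "LEGAL_PROCEDURES"
        inc.log("REVIEW", "legal procedures: preserve the action log as evidence")
    else:
        inc.status = "CLOSED_REVIEWED"
        inc.log("REVIEW", "documentation and improvement")
    return inc.status


if __name__ == "__main__":
    # Constructed sample: srv-02 refuses isolation, so containment escalates.
    def isolate_host(host: str) -> bool:
        return host != "srv-02"

    inc = Incident("INC-2018-007", "hacking", ["ws-01", "srv-02"],
                   ["defaced index.html", "login from unknown IP"])
    print(handle_incident(inc, {"login from unknown IP"}, isolate_host))
    print("\n".join(inc.actions))
```

The action log is the artefact the Review layer and the DPP's Office depend on, so every transition writes to it before the status changes; a real deployment would forward those entries to a write-once store rather than keep them in memory.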
  10. Thank You
