The US Department of Justice has released best practices guidance for responding to cyber incidents. The guidance outlines 8 steps organizations should take before an incident occurs, including identifying critical assets to protect, creating an incident response plan, implementing appropriate technologies, authorizing network monitoring, engaging legal counsel, aligning policies with the response plan, engaging with law enforcement, and establishing information sharing relationships. The document provides details on each step and how to respond if an intrusion is detected by assessing the scope, preserving forensic evidence, and notifying authorities. A post-incident review is also recommended.
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
What to Do Before a Cyber Incident Occurs
1. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
1
JOIN. ENGAGE. LEAD.
8 STEPS TO
TAKE BEFORE
A CYBER
INCIDENT
OCCURS
AND HOW TO
RESPOND TO AN
INTRUSION
From The RMA Journal
on the USDOJ’s best-
practice guidance.
2. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
2
JOIN. ENGAGE. LEAD.
The U.S. Department of Justice
has released
“Best Practices for Victim-Response
and Reporting of Cyber Incidents.”
The
guidance
emphasizes
the
importance
of planning
before an
incident
occurs.
BEST-PRACTICE GUIDANCE
ON CYBER INCIDENTS
3. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
3
JOIN. ENGAGE. LEAD.
BEST-PRACTICE GUIDANCE
ON CYBER INCIDENTS (CONT.)
• The guidance outlines steps you
should take before, during, and
after an incident and provides a
summary checklist.
What to do?
• Included in the guidance are the
Justice Department’s positions
on the legal permissibility of a
number of monitoring techniques
and the impermissibility of many
forms of hacking back.
What’s
legal?
4. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
4
JOIN. ENGAGE. LEAD.
8 STEPS TO TAKE BEFORE
A CYBER INCIDENT OCCURS
Identify your
crown jewels.
Create an
actionable plan.
Have appropriate
technology and
services.
Have appropriate
authorization to
permit network
monitoring.
Ensure legal counsel
is familiar with
technology and
cyber incident
management.
Ensure
organization
policies align with
the incident
response plan.
Engage with law
enforcement
before an
incident.
Establish
information-sharing
relationships.
5. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
5
JOIN. ENGAGE. LEAD.
1. IDENTIFY YOUR CROWN JEWELS
The expense and resources
required to protect your
enterprise may force you to
prioritize your efforts and may
shape planning.
6. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
6
JOIN. ENGAGE. LEAD.
1. IDENTIFY YOUR CROWN JEWELS (CONT.)
Before formulating a cyber-
incident response plan, you
should first determine which data,
assets, and services warrant the
most protection.
7. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
7
JOIN. ENGAGE. LEAD.
1. IDENTIFY YOUR CROWN JEWELS (CONT.)
The guidance suggests that
this prioritization of protection is
an important first step in
preventing a cyber intrusion or
an attack from causing
catastrophic harm.
8. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
8
JOIN. ENGAGE. LEAD.
Your organization should
have a plan in place
before an intrusion occurs.
2. CREATE AN ACTIONABLE PLAN
9. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
9
JOIN. ENGAGE. LEAD.
2. CREATE AN ACTIONABLE PLAN (CONT.)
The plan should provide
specific, concrete procedures
to follow in the event of a
cyber incident.
10. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
10
JOIN. ENGAGE. LEAD.
2. CREATE AN ACTIONABLE PLAN (CONT.)
The
procedures
should
address:
• Who has lead responsibility for different elements of
an organization’s response.
• How to contact critical personnel at any time.
• How to proceed if critical personnel are
unreachable.
• What mission-critical data, networks, or services
should be prioritized.
• How to preserve data related to the intrusion in a
forensically sound manner.
• Which criteria will be used to ascertain whether data
owners, customers, or partner companies should be
notified.
• Procedures for notifying law enforcement and
others.
11. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
11
JOIN. ENGAGE. LEAD.
This may include off-site data
backup, intrusion-detection
capabilities, and data loss
prevention technologies.
3. HAVE APPROPRIATE
TECHNOLOGY AND SERVICES
IN PLACE
12. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
12
JOIN. ENGAGE. LEAD.
3. HAVE APPROPRIATE TECHNOLOGY AND
SERVICES IN PLACE (CONT.)
The technology should
already be installed,
tested, and ready to
deploy.
13. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
13
JOIN. ENGAGE. LEAD.
Your organization should adopt the
necessary mechanisms to obtain
user consent to monitor users’
communications so it can detect
and respond to a cyber incident.
4. HAVE APPROPRIATE
AUTHORIZATION TO PERMIT
NETWORK MONITORING
14. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
14
JOIN. ENGAGE. LEAD.
Having readily available access to advice from
lawyers well acquainted with cyber incident
response can speed up your organization’s
decision making and help ensure that your
incident response activities remain on
firm legal footing.
5. ENSURE THAT LEGAL COUNSEL IS
FAMILIAR WITH TECHNOLOGY AND
CYBER INCIDENT MANAGEMENT
15. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
15
JOIN. ENGAGE. LEAD.
Review personnel and human
resource policies to ensure they will
reasonably minimize the risk of
cyber incidents, including insider
threats.
6. ENSURE ORGANIZATION POLICIES
ALIGN WITH THE INCIDENT
RESPONSE PLAN
16. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
16
JOIN. ENGAGE. LEAD.
6. ENSURE ORGANIZATION POLICIES ALIGN
WITH THE INCIDENT RESPONSE PLAN (CONT.)
Proper personnel and IT
policies may help prevent a
cyber incident.
17. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
17
JOIN. ENGAGE. LEAD.
Having a point of contact and a
preexisting relationship will facilitate
any subsequent interaction that
may occur if your organization
needs to enlist assistance from law
enforcement agencies.
7. ENGAGE WITH LAW
ENFORCEMENT BEFORE AN
INCIDENT
18. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
18
JOIN. ENGAGE. LEAD.
7. ENGAGE WITH LAW ENFORCEMENT
BEFORE AN INCIDENT (CONT.)
On a federal level, these
include the Federal
Bureau of Investigation
and the U.S. Secret
Service.
19. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
19
JOIN. ENGAGE. LEAD.
Information-sharing organizations
exist to provide details on new or
commonly exploited vulnerabilities.
8. ESTABLISH INFORMATION-
SHARING RELATIONSHIPS
20. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
20
JOIN. ENGAGE. LEAD.
8. ESTABLISH INFORMATION-SHARING
RELATIONSHIPS (CONT.)
The Financial Services
Information Sharing and
Analysis Center (FSISAC)
provides daily reports on
new cyber attacks.
21. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
21
JOIN. ENGAGE. LEAD.
RESPONDING TO AN INTRUSION
The guidance suggests that you
first assess the nature and scope
of the incident and determine
whether it is an attack or just a
technical glitch.
22. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
22
JOIN. ENGAGE. LEAD.
RESPONDING TO AN INTRUSION (CONT.)
If the incident is an intrusion or
attack, you might consider
rerouting network traffic,
filtering or blocking a distributed
denial-of-service attack, or
isolating all or parts of the
compromised network.
23. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
23
JOIN. ENGAGE. LEAD.
RESPONDING TO AN INTRUSION (CONT.)
Preserve relevant forensic
images and logs and notify
relevant law enforcement
agencies and other potential
victims.
24. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
24
JOIN. ENGAGE. LEAD.
RESPONDING TO AN INTRUSION (CONT.)
You should
not use
compromised
systems to
communicate.
• You should not attempt to access,
damage, or impair another system
that may appear to be involved in
the attack.
25. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
25
JOIN. ENGAGE. LEAD.
Once a your organization has
recovered from an attack, you
should initiate measures to prevent
similar attacks.
AFTER AN ATTACK OR INTRUSION
26. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
26
JOIN. ENGAGE. LEAD.
AFTER AN ATTACK OR INTRUSION (CONT.)
Conduct a post-incident review
of the response and assess the
strengths and weaknesses
of your organization’s performance.
27. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
27
JOIN. ENGAGE. LEAD.
AFTER AN ATTACK OR INTRUSION (CONT.)
Response gaps and
weaknesses should be noted
and discussed and necessary
remedial action taken.
28. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
28
JOIN. ENGAGE. LEAD.
LEARN MORE
The RMA Journal is the award-winning magazine published by The
Risk Management Association:
• It is the only professional journal written by risk practitioners for risk
practitioners.
• Each article is peer reviewed by our Editorial Advisory Board prior to
publication.
• Published 10 times a year, The RMA Journal offers practical advice
on managing risk across the enterprise.
Learn more at:
http://www.rmahq.org/tools-publications/the-rma-journal/the-rma-journal
Become an RMA member and get The RMA Journal free.
29. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
29
JOIN. ENGAGE. LEAD.
SHARE THIS PRESENTATION
Visit http://www.rmahq.org for information on risk management
Visit our blog at http://rmablog.rmahq.org/
RMA is a member-driven professional association whose sole purpose is to
advance sound risk principles in the financial services industry.
RMA helps its members use sound risk principles to improve institutional
performance and financial stability, and enhance the risk competency of
individuals through information, education, peer sharing, and networking.
Become a member today.