1. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Tabletop exercises ARE more fun
than setting fires
Christopher Walcutt, CISM, CISSP
Director
DirectDefense
11/11/2017
2. Why Tabletop?
4. Why Now?
Information Sharing
5. What to Expect?
Simulated exercise
Designed to challenge
Foster interaction and communication across organizations
Coordinated physical and cyber attacks
Practice, Practice, Practice!
Check your readiness
KNOW the phases
6. Who’s involved?
Planning (Security/Business Continuity)
Business
HR
Execs
Physical Security
Corp Comms
IT
7. How it works?
8. You are not alone
9. Expectations of you
Full two-day commitment
Need buy-in and support from management to participate
No “day job” activities during the exercise
Teamwork is key
Be prepared to learn and teach
Most scenarios will require multiple disciplines/skill sets
Scenarios will change during the course of the day
Effective communication is essential
10. What to Expect?
• Post meeting discussions
• Establish Incident Command Structure positions
• Determine future meeting schedule
• Where, when, and how long to meet
• Determine how communications will be handled
• SharePoint or other appropriate site
• Identify other groups needed to participate
• Continue to mature the exercise
• Metrics
• Simulations
• Advanced Attack Methods
• Increased Information Protection
11. What to Expect?
12. Incident Reporting
• Regulators
• Industry ISACs (REN-ISAC, FS-ISAC, E-ISAC)
• Timing Requirements
• Interface with third parties
• Contractual Requirements
• Insurance Requirements
• Outside Counsel
13. What the MSEL?
Injects are scenarios
They appear quickly and overlap
Designed to test and may induce stress
Beware the modifiers
Take notes
Stay engaged
Phone a friend
Use the facilitator
17. Roles
Deputy Incident Commander (D-IC)
• Interfaces directly with the AC
• Coordinates incident response activities
• Empowered to make departmental decisions
Backup Deputy Incident Commander
• Fills the same role as the D-IC
Planning Section Chief (P-SC)
• Collects, evaluates, and disseminates information
• Maintains intelligence on the situation
• Maintains and monitors status of resources assigned to the incident
• Coordinates department on-call and schedule rotations, vendor services
Operations Section Chief (O-SC)
• Manages on-scene tactical operations goals
• Goals relate to mitigation/remediation, protection and control
• Collect and preserve data
• Liaison between incident personnel and D-IC
18. ACTIVATING THE SIRT
SIRT must be contacted when the incident classification table is utilized!
State Public Commission Committee must be notified if incidents meet CIP parameters!
19. DOCUMENT STRUCTURE
• UIRP:
  • This document addresses cyber and physical security events affecting corporate assets which may negatively impact the risk posture of the corporation
  • This document covers a corporate-level framework; individual departments are responsible for creating detailed procedures
  • Personnel involved in this framework are part of the IUSAN Incident Command System (ICS)
• ICS:
  • A two-tiered command structure coordinated at a company level by the Area Command layer and specific division level activities carried out by the Incident Command layer
  • Enacted for physical and cyber incidents that are not related to storms
• The UIRP document and ICS structure must meet requirements laid out by:
  • National Institute of Standards and Technology (SP 800-61 Rev 2, SP 800-122)
  • International Organization for Standardization ISO/IEC 27035:2011
  • North American Electric Reliability Corporation CIP-008-5
  • Sarbanes-Oxley Act of 2002
23. LESSONS LEARNED
Normal Operations & Contingency Planning
Incident Response
Training
Information Sharing
Security Clearances
Off-hours Support from Spain
Event Notification, Discussions, and Training
OT Backbone Network Monitoring
Electric Operations Resource Prioritization
SDLC with Security Focus
Resourcing During Events
Corporate Mechanism for Lessons Learned
Paper Copies of Procedures (Go Bags)
Hot Line Phones
Criteria for IT / OT Network Disconnect
Reviewing Recent Alerts / Past Events
Talking Points for PLO / PIO Execs
Data Owner / Data Custodian
First Responder Training / Forensics
Notification Sharing & Repository
Notification Triggers
Central Inventory Repository
Estimated Time to Recovery
Asset Classification
Data Retention
Baseline Configuration
People
Process
Technology
24. LESSONS LEARNED PLANNING
Post Exercise – 5-Year Development Plan