Cyber Incident Response




© 2011 Co3 Systems, Inc.
The information contained herein is proprietary and confidential.
Agenda

  §  Introductions

  §  Cyber Incident Response
       –  The process
       –  Tips for getting it right

  §  Today’s reality with breaches – CSO versus CPO

  §  Q&A




Introductions: Today’s Speakers


  §  Gant Redmon, GC and VP Business Development, Co3
     –  Former CPO of Arbor Networks, Inc.
     –  General Counsel for 12 years


  §  Ellen Giblin, Privacy Counsel, Ashcroft Law Firm
     –  Internationally-recognized expert in privacy, data breach, data
        protection, cyber security, and information management
     –  Privacy Counsel at Littler Mendelson P.C.
     –  Privacy Officer for Citizens Financial Group




CYBER INCIDENT RESPONSE PLANS

Cyber Incident Response Plans

  §  Every company should develop a written cyber incident response
      plan
       –  Not only is it a good idea, some regulations require it

  §  The plan should document cyber attack scenarios and define
      appropriate responses

  §  The plan should include:
       –  Response team
       –  Reporting
       –  Initial response
       –  Investigation
       –  Recovery and follow-up
       –  Public relations
       –  Law enforcement



Cyber Incident Response Team
The response team should:

   •  Identify and classify cyber attack scenarios
   •  Determine the tools and technology used to detect attacks
   •  Develop a checklist for handling initial investigations of cyber
      attacks
   •  Determine the scope of an internal investigation once an attack
      has occurred
   •  Conduct any investigations within the determined scope
   •  Address data breach issues, including notification requirements
   •  Conduct follow-up reviews on the effectiveness of the company's
      response to an actual attack




Discovery and Reporting of Cyber Incidents

  §  Define procedures for cyber attack discovery and reporting,
      including:
       –  Team members who monitor industry practices to ensure that:
           •  information systems are appropriately updated; and
           •  information systems are instrumented to allow for early
              discovery of attacks
       –  A database to track all reported incidents
       –  A risk rating to classify all reported incidents (e.g., low,
          medium, or high) and facilitate the appropriate response




Initial Response to a Cyber Attack

  •  Conduct a preliminary investigation to determine whether a cyber
     attack has occurred
      •  follow the investigation checklist set out in the cyber incident
         response plan
  •  The initial response varies depending on the type of attack and level
     of seriousness. However, the response team should aim to:
      •  Stop the cyber intrusions from spreading further into the
         company's computer systems
      •  Appropriately document the investigation




Investigating a Cyber Attack

  §  A formal internal investigation may be required depending on:
       –  the level of intrusion
       –  its impact on critical business functions
  §  An internal investigation allows the company to:
       –  Fully understand the intrusion
       –  Increase its chances of identifying the attacker
       –  Detect previously-unknown security vulnerabilities
       –  Identify required improvements to IT systems
  §  If the company's response team or IT department lacks the
      capacity or expertise to conduct an internal investigation the
      company may wish to retain:
            •  Legal counsel
            •  A cyber security consultant



Common Cyber Attack Scenarios

 •  Cyber attacks often fall into one or more common scenarios

 •  Anticipate and prepare for these common scenarios in advance and
    provide preliminary investigatory questions for each

 •  Obtaining fast and accurate answers to these questions helps shape
    and expedite the investigation




Recovery and Follow-Up After a Cyber Attack


  §  Address the recovery of IT systems by both:
       –  Eliminating the vulnerabilities exploited by the attacker and
          any other identified vulnerabilities
       –  Bringing the repaired systems back online

  §  Once systems are restored:
       –  Determine what improvements are needed to prevent similar
          incidents from reoccurring
       –  Evaluate how the response team executed the response plan




The Role of the CPO in a Breach

 §  Understand the efforts underway by security staff to ‘plug the
     gaps’ and restore integrity

 §  Realize that there may be a conflict of interest

 §  Know how to align and satisfy all our organization’s requirements




Suggestions

  §  Working with Security in advance is vital; knowing where the
      tensions are and what you’ll do to resolve them is key to success

  §  Early triage is critical to determining if PI has been exposed

  §  Establish Executive support in advance of a breach for anything
      that may look contentious

  §  Have a clear process that coordinates activities across multiple
      groups to ensure an efficient organizational response

  §  Conduct dry runs, simulations or tabletops – it will illuminate
      where there are potential issues – make sure to test out multiple
      scenarios



Security and Privacy – the Yin and the Yang

  [Diagram: Cyber Incidents (cyber breach, DDoS, malware, etc.); PII Exposed; CISO-Driven Response; CPO-Driven Response; Combined Response]
 §  IT/Security: protect the integrity and continuity of business operations
 §  Privacy: protect customers and employees

                          aligning objectives
5 Rules for Working With Your CSO

 §  Rule #1: Know Your History

    –  The modern day CSO has been around about the same amount
       of time as the CPO

    –  The CPO title came about in the mid to late 90s with the
       advent of GLB and HIPAA

    –  The CSO title (as opposed to the CISO title) arose after 9/11
       with the increased focus on security

    –  The CPO role weakened following 9/11 but has strengthened as
       personal information becomes the basis of corporate value




5 Rules for Working With Your CSO

 §  Rule #2: Accept Your Co-Dependence

    –  Privacy and Security are intertwined. You can have security
       without privacy, but you can’t have privacy without security

    –  You can promise not to share information, but that doesn’t do
       much good if any hacker can just steal it

    –  There’s no responding to a data breach if you don’t know about
       it or you can’t identify what information has been accessed

    –  IT is generally the real first responder. They are the ER triage
       of data breach response




5 Rules for Working With Your CSO
 §  Rule #3: Empathize with Your CSO

    –  CSOs stockpile data. CPOs are minimalist. Show your CSO the
       advantages of cleaning house
        •  Data retention policy compliance
        •  eDiscovery advantages
        •  Less exposure in a breach if there is less sensitive data available

    –  Follow the Data
        •  The CSO knows the flow of data within the organization. You need to work with the CSO
           to understand this flow and do your job
        •  Once you understand the flow of data, you can compare it to the business process
           that drives that flow
        •  With an understanding of the flow of data and the business process, you can make
           suggestions that take into consideration the value proposition of the use of customer
           data
        •  Many companies see the role of CPO as driving internal process improvement

    –  Privacy can be an unnatural act for the CSO
        •  The CSO is charged with protecting the perimeter
        •  The CPO may be asking the CSO for “holes below the waterline” in the perimeter for
           purposes of information owner inspection and verification
5 Rules for Working With Your CSO

 §  Rule #4: Stop Talking “Privacy”

    –  Privacy is a loaded word. It’s like saying “conservative” or
       “liberal.” Use a word your CSO and others can rally around.

    –  Call it “Information Governance”
        •  Information governance encompasses information management, security,
           use, and data strategy
        •  Information governance can refer to a lifecycle: how we create
           information, how we keep it safe and secure and accessible during its
           lifecycle, and how we thoughtfully dispose of it

    –  Information governance rings true with the legal department
        •  Can refer to data retention and eDiscovery
        •  Positions you as a bridge between the GC and CSO
        •  GCs didn’t go to law school because of their engineering prowess. Give
           them a hand


5 Rules for Working With Your CSO

 §  Rule #5: Keep Your Head Out of the Boat

    –  A CSO’s role is largely inward looking. They must protect corporate assets and
       keep the system running

    –  The CPO’s role is outward facing because they act as the customers' and
       employees' advocate within the company

    –  Customer/Client advocacy translates to corporate revenue. Ask yourself what
       other department uses this argument to drive change within your organization

    –  The CPO must be business savvy and navigate conflicting interests of business
       needs, customer expectation and legal requirements

    –  If the CPO can prove him or herself to be an ally with management in the
       balancing of concerns, then that CPO will be embraced by those above

    –  If the CPO is embraced by the management team, the CPO is more likely to
       have a good working relationship with the CSO


5 Rules for Working With Your CSO

 §  Bonus Rule #6: Embrace Technology to Improve Processes and
     Efficiency

    –  CSOs make their career out of using software to improve
       process – conversations will go well if you speak their language

    –  CSOs can use software as “breach triage” as well as for
       escalating events to the CPO

    –  Using software to diagnose an event makes the outcome and
       action plan both objective and quantifiable. These are traits
       valued by both the GC and CSO

    –  Build a dashboard. CSOs love them as a way to stay in the loop
       and remain part of an incident response


Questions




Thanks!




     1 Alewife Center, Suite 450             1100 Main Street, Suite 2710
     Cambridge, MA 02140                     Kansas City, MO 64105

     ph: 617.206.3900                        ph: 816.285.7600
     e: info@co3sys.com                      e: info@ashcroftlawfirm.com
     www.co3sys.com                          www.ashcroftgroupllc.com/law/

  Gartner:
  “Co3 …define(s) what software
   packages for privacy look like.”



Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
 
EU Cyber Attacks And The Incident Response Imperative
EU Cyber Attacks And The Incident Response ImperativeEU Cyber Attacks And The Incident Response Imperative
EU Cyber Attacks And The Incident Response ImperativeResilient Systems
 
The Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUThe Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUResilient Systems
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response PlanResilient Systems
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 DaysResilient Systems
 
How To Stop Target-Like Breaches In Their Tracks
How To Stop Target-Like Breaches In Their TracksHow To Stop Target-Like Breaches In Their Tracks
How To Stop Target-Like Breaches In Their TracksResilient Systems
 
The Target Breach – Follow The Money
The Target Breach – Follow The MoneyThe Target Breach – Follow The Money
The Target Breach – Follow The MoneyResilient Systems
 
A Breach Carol: 2013 Review, 2014 Predictions
A Breach Carol: 2013 Review, 2014 PredictionsA Breach Carol: 2013 Review, 2014 Predictions
A Breach Carol: 2013 Review, 2014 PredictionsResilient Systems
 
Incident Response: Don't Mess It Up, Here's How To Get It Right
Incident Response: Don't Mess It Up, Here's How To Get It RightIncident Response: Don't Mess It Up, Here's How To Get It Right
Incident Response: Don't Mess It Up, Here's How To Get It RightResilient Systems
 
Treat a Breach Like a Customer, Not a Compliance Issue
Treat a Breach Like a Customer, Not a Compliance IssueTreat a Breach Like a Customer, Not a Compliance Issue
Treat a Breach Like a Customer, Not a Compliance IssueResilient Systems
 
You're Breached: Information Risk Analysis for Today's Threat Landscape
You're Breached: Information Risk Analysis for Today's Threat LandscapeYou're Breached: Information Risk Analysis for Today's Threat Landscape
You're Breached: Information Risk Analysis for Today's Threat LandscapeResilient Systems
 

More from Resilient Systems (20)

You've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentYou've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The Incident
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatData Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
 
Co3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarCo3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions Webinar
 
By Popular Demand: Co3's Latest and Greatest Features
By Popular Demand: Co3's Latest and Greatest Features By Popular Demand: Co3's Latest and Greatest Features
By Popular Demand: Co3's Latest and Greatest Features
 
Are We Breached How to Effectively Assess and Manage Incidents
Are We Breached How to Effectively Assess and Manage Incidents Are We Breached How to Effectively Assess and Manage Incidents
Are We Breached How to Effectively Assess and Manage Incidents
 
Ready or Not, Here They Come Preparing For Phase 2 HIPAA Compliance Audits
Ready or Not, Here They Come Preparing For Phase 2 HIPAA Compliance Audits Ready or Not, Here They Come Preparing For Phase 2 HIPAA Compliance Audits
Ready or Not, Here They Come Preparing For Phase 2 HIPAA Compliance Audits
 
Encryption: Who, What, When, Where, and Why It's Not a Panacea
Encryption: Who, What, When, Where, and Why It's Not a PanaceaEncryption: Who, What, When, Where, and Why It's Not a Panacea
Encryption: Who, What, When, Where, and Why It's Not a Panacea
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
EU Cyber Attacks And The Incident Response Imperative
EU Cyber Attacks And The Incident Response ImperativeEU Cyber Attacks And The Incident Response Imperative
EU Cyber Attacks And The Incident Response Imperative
 
The Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUThe Target Breach - Follow The Money EU
The Target Breach - Follow The Money EU
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 Days
 
How To Stop Target-Like Breaches In Their Tracks
How To Stop Target-Like Breaches In Their TracksHow To Stop Target-Like Breaches In Their Tracks
How To Stop Target-Like Breaches In Their Tracks
 
The Target Breach – Follow The Money
The Target Breach – Follow The MoneyThe Target Breach – Follow The Money
The Target Breach – Follow The Money
 
A Breach Carol: 2013 Review, 2014 Predictions
A Breach Carol: 2013 Review, 2014 PredictionsA Breach Carol: 2013 Review, 2014 Predictions
A Breach Carol: 2013 Review, 2014 Predictions
 
Incident Response: Don't Mess It Up, Here's How To Get It Right
Incident Response: Don't Mess It Up, Here's How To Get It RightIncident Response: Don't Mess It Up, Here's How To Get It Right
Incident Response: Don't Mess It Up, Here's How To Get It Right
 
Treat a Breach Like a Customer, Not a Compliance Issue
Treat a Breach Like a Customer, Not a Compliance IssueTreat a Breach Like a Customer, Not a Compliance Issue
Treat a Breach Like a Customer, Not a Compliance Issue
 
You're Breached: Information Risk Analysis for Today's Threat Landscape
You're Breached: Information Risk Analysis for Today's Threat LandscapeYou're Breached: Information Risk Analysis for Today's Threat Landscape
You're Breached: Information Risk Analysis for Today's Threat Landscape
 

Recently uploaded

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Craft Your Cyber Incident Response Plan (Before It's Too Late)

  • 1. Cyber Incident Response © 2011 Co3 Systems, Inc. The information contained herein is proprietary and confidential. Page 1
  • 2. Agenda §  Introductions §  Cyber Incident Response –  The process –  Tips for getting it right §  Today’s reality with breaches – CSO versus CPO §  Q&A Page 2
  • 3. Introductions: Today’s Speakers §  Gant Redmon, GC and VP Business Development, Co3 –  Former CPO of Arbor Networks, Inc. –  General Counsel for 12 years §  Ellen Giblin, Privacy Counsel, Ashcroft Law Firm –  Internationally-recognized expert in privacy, data breach, data protection, cyber security, and information management –  Privacy Counsel at Littler Mendelson P.C. –  Privacy Officer for Citizens Financial Group Page 3
  • 5. Cyber Incident Response Plans §  Every company should develop a written cyber incident response plan –  Not only is it a good idea, some regulations require it §  The plan should document cyber attack scenarios and define appropriate responses §  The plan should include: –  Response team –  Reporting –  Initial response –  Investigation –  Recovery and follow-up –  Public relations –  Law enforcement Page 5
  • 6. Cyber Incident Response Team The response team should: •  Identify and classify cyber attack scenarios •  Determine the tools and technology used to detect attacks •  Develop a checklist for handling initial investigations of cyber attacks •  Determine the scope of an internal investigation once an attack has occurred •  Conduct any investigations within the determined scope •  Address data breach issues, including notification requirements •  Conduct follow up reviews on the effectiveness of the company's response to an actual attack Page 6
  • 7. Discovery and Reporting of Cyber Incidents §  Define procedures for cyber attack discovery and reporting, including: –  Team members who monitor industry practices to ensure that: •  information systems are appropriately updated; and •  information systems are instrumented to allow for early discovery of attacks –  A database to track all reported incidents –  A risk rating to classify all reported incidents (ex. low, medium, or high) and facilitate the appropriate response Page 7
  • 8. Initial Response to a Cyber Attack •  Conduct a preliminary investigation to determine whether a cyber attack has occurred •  follow the investigation checklist set out in the cyber incident response plan •  The initial response varies depending on the type of attack and level of seriousness. However, the response team should aim to: •  Stop the cyber intrusions from spreading further into the company's computer systems •  Appropriately document the investigation Page 8
  • 9. Investigating a Cyber Attack §  A formal internal investigation may be required depending on: –  the level of intrusion –  its impact on critical business functions §  An internal investigation allows the company to: –  Fully understand the intrusion –  Fotn its chances of identifying the attacker –  Detect previously-unknown security vulnerabilities –  Identify required improvements to IT systems §  If the company's response team or IT department lacks the capacity or expertise to conduct an internal investigation the company may wish to retain: •  Legal counsel •  A cyber security consultant Page 9
  • 10. Common Cyber Attack Scenarios •  Cyber attacks often fall into one or more common scenarios •  Anticipate and prepare for these common scenarios in advance and provide preliminary investigatory questions for each •  Obtaining fast and accurate answers to these questions helps shape and expedite the investigation Page 10
  • 11. Recovery and Follow-Up After a Cyber Attack §  Address the recovery of IT systems by both: –  Eliminating the vulnerabilities exploited by the attacker and any other identified vulnerabilities –  Bringing the repaired systems back online §  Once systems are restored: –  Determine what improvements are needed to prevent similar incidents from reoccurring –  Evaluate how the response team executed the response plan Page 11
  • 12. The Role of the CPO in a Breach §  Understand the efforts underway by security staff to ‘plug the gaps’ and restore integrity §  Realize that there may be a conflict of interest §  Know how to align and satisfy all our organization’s requirements Page 12
  • 13. Suggestions §  Working with Security in advance is vital, knowing where the tensions are, and what you’ll do to resolve them is key to success §  Early triage is critical to determining if PI has been exposed §  Establish Executive support in advance of a breach for anything that may look contentious §  Have a clear process that coordinates activities across multiple groups to ensure an efficient organizational response §  Conduct dry runs, simulations or tabletops – it will illuminate where there are potential issues – make sure to test out multiple scenarios Page 13
  • 14. Security and Privacy – the Yin and the Yang Cyber Incidents •  Cyber breach •  DDoS •  Malware, etc. PII Exposed CISO-Driven CPO-Driven Response Response Combined Response §  IT/Security: protect the integrity and continuity of business operations §  Privacy: protect customers and employees aligning objectives Page 14
  • 15. 5 Rules for Working With Your CSO §  Rule #1: Know Your History –  The modern day CSO has been around about the same amount of time as the CPO –  The CPO title came about in the mid to late 90s with the advent of GLB and HIPAA –  The CSO title (as opposed to the CISO title) arose after 9/11 with the increased focus on security –  The CPO role weakened following 9/11 but has strengthened as personal information becomes the basis of corporate value Page 15
  • 16. 5 Rules for Working With Your CSO §  Rule #2 Accept Your Co-Dependence –  Privacy and Security are intertwined. You can have security without privacy, but you can’t have privacy without security –  You can promise not to share information, but that doesn’t do much good if any hacker can just steal it –  There’s no responding to a data breach if you don’t know about it or you can’t identify what information has been accessed –  IT is generally the real first responder. They are the ER triage of data breach response Page 16
  • 17. 5 Rules for Working With Your CSO §  Rule #3 Empathize with Your CSO –  CSOs stockpile data. CPOs are minimalist. Show your CSO the advantages of cleaning house •  Data retention policy compliance •  eDiscovery advantages •  Less exposure if a breach occurs if there is less sensitive data available –  Follow the Data •  The CSO knows the flow of data within the organization. You need to work with the CSO to understand this flow and do your job •  Once you understand the flow of data, you can compare it to the business process that drives that flow •  With an understanding of the flow of data and the business process, you can make suggestions that take into consideration the value proposition of the use of customer data •  Many companies see the role of CPO as driving internal process improvement –  Privacy can be an unnatural act for the CSO •  The CSO is charged with protecting the perimeter •  The CPO may be asking the CSO for “holes below the waterline” in the perimeter for purposes of information owner inspection and verification Page 17
  • 18. 5 Rules for Working With Your CSO §  Rule #4 Stop Talking “Privacy” –  Privacy is a loaded word. It’s like saying “conservative” or “liberal.” Use a word your CSO and others can rally around. –  Call it “Information Governance” •  Information governance encompasses information management, security, use, and data strategy •  Information governance can refer to a lifecycle: how we create information, how we keep it safe and secure and accessible during its lifecycle, and how we thoughtfully dispose of it –  Information governance rings true with the legal department •  Can refer to data retention and eDiscovery •  Positions you as a bridge between the GC and CSO •  GCs didn’t go to law school because of their engineering prowess. Give them a hand Page 18
  • 19. 5 Rules for Working With Your CSO §  Rule #5 Keep Your Head Out of the Boat –  A CSO’s role is largely inward looking. They must protect corporate assets and keep the system running –  The CPO’s role is outward facing because they act as the customers' and employees' advocate within the company –  Customer/Client advocacy translates to corporate revenue. Ask yourself what other department uses this argument to drive change within your organization –  The CPO must be business savvy and navigate conflicting interests of business needs, customer expectation and legal requirements –  If the CPO can prove him or herself to be an ally with management in the balancing of concerns, then that CPO will be embraced by those above –  If the CPO is embraced by the management team, the CPO is more likely to have a good working relationship with the CSO Page 19
  • 20. 5 Rules for Working With Your CSO §  Bonus Rule #6 Embrace Technology to Improve Processes and Efficiency –  CSOs make their career out of using software to improve process – conversations will go well if you speak their language –  CSOs can use software as “breach triage” as well as for escalating events to the CPO –  Using software to diagnose an event makes the outcome and action plan both objective and quantifiable. These are traits valued by both the GC and CSO –  Build a dashboard. CSOs love them as a way to stay in the loop and remain part of an incident response Page 20
  • 21. Questions Page 21
  • 22. Thanks! 1 Alewife Center, Suite 450 1100 Main Street, Suite 2710 Cambridge, MA 02140 Kansas City, MO 64105 ph: 617.206.3900 ph: 816.285.7600 e: info@co3sys.com e: info@ashcroftlawfirm.com www.co3sys.com www.ashcroftgroupllc.com/law/ Gartner: “Co3 …define(s) what software packages for privacy look like.” Page 22