Responsibilities of the CSIRT
• Classify security incidents.
• Convene upon notification of a reported computer security incident.
• Conduct a preliminary assessment to determine the root cause, source, nature, and extent of damage.
• Recommend response to a computer security incident.
• Select additional support members as necessary for the reported incident.
• Maintain confidentiality of information related to incidents.
• Assist with recovery efforts and provide reports to the CIO.
• Document incidents as appropriate. Examples include: lessons learned and recommended
actions.
• Report incidents to the Information Security and Privacy Office.
• Maintain awareness of and implement procedures for effective response to computer
security incidents.
• Stay current on functional and security operations for the technologies within their area of
responsibility.
Classification of Security Incidents
The CSIRT will classify each incident as a Class 1, Class 2, or Class 3 incident
based upon risk severity. The following criteria are used to determine incident
classification:
• Expanse of Service Disruption
• Data Classification
• Legal Issues
• Policy Infraction
• Public Interest
• Threat Potential
• Business Impact
Class 1 Incident: Low Severity
A Class 1 incident is any incident that has a low impact to university
information technology resources and is contained within the unit.
• The following criteria define Class 1 incidents:
1. Data classification: Unauthorized disclosure of confidential information
has not occurred.
2. Legal issues: Lost or stolen hardware that has low monetary value or is
not part of a mission critical system.
3. Business impact: Incident does not involve mission critical services.
4. Expanse of service disruption: Incident is within a single unit.
5. Threat potential: Threat to other information technology resources is
minimal.
6. Public interest: Low potential for public interest.
7. Policy infraction: Security policy violations determined by the university.
Class 2 Incident: Moderate Severity
A Class 2 incident is any incident that has a moderate impact to
university information technology resources and is contained within the
unit.
• The following criteria define Class 2 incidents:
1. Data classification: Unauthorized disclosure of confidential information has
not been determined.
2. Legal issues: Lost or stolen hardware with high monetary value or that is part
of a mission critical system.
3. Business impact: Incident involves mission critical services.
4. Expanse of service disruption: Incident affects multiple units within the
university.
5. Threat potential: Threat to other university information technology resources
is possible.
6. Public interest: There is the potential for public interest.
7. Policy infraction: Security policy violations determined by the university.
Class 3 Incident: High Severity
A Class 3 incident is any incident that has impacted or has the potential to
impact other external information technology resources and/or events of
public interest.
• The following criteria define Class 3 incidents:
1. Data classification: Unauthorized disclosure of confidential information has occurred
outside the university.
2. Legal issues: Incident investigation and response is transferred to law enforcement.
3. Business impact: Threat to other university information technology resources is high.
4. Expanse of service disruption: Disruption is widespread across the university and/or
other entities.
5. Threat potential: Incident has potential to become widespread across the university
and/or threatens external, third-party information technology resources.
6. Public interest: There is active public interest in the incident.
7. Policy infraction: Security policy violations determined by the university.
Reporting Process
The CSIRT Leader reports and documents all incidents classified or reclassified
as Class 2 or Class 3 incidents. The report should include the following:
Executive Summary
Description of the Incident
CSIRT Members Participating
CSIRT Findings
Conclusions
Recommendations
General Procedures
• End users need to communicate computer incidents to unit ISMs.
• Information security managers must immediately notify the FSU IT Security
Incident Officer of the incident.
• Payment card data breach – the department head notifies the Security
manager who then notifies the Director of Information Security and
Privacy of the incident.
• Information security manager notifies the Police Department of incidents involving
threats to human beings, property, child pornography, or breach of CJIS
information.
• External law enforcement, if needed, will be referred to the FSUPD, who will
serve as liaison during the security investigations.
• General Counsel, Director of Information Security and Privacy, and FSUPD
must be notified when a subpoena is issued.
Reporting of IT Security Incidents
• Different departments will become involved in the remediation of an
incident.
• Criminal activities should be reported to FSUPD.
• Employee misconduct, both criminal and otherwise, should be reported to
HR.
• Incidents of a technical nature from an external source should be reported
to the Director of Information Security & Privacy.
• All University data should be classified into one of three levels:
• Level 1 – Protected
• Level 2 – Private
• Level 3 – Public
IT Security Incidents Reported to FSUPD
• Electronic transmission / storage of child pornography
• Electronic transmission of threats to the physical safety of human beings or
physical assets
• Harassment and other criminal offenses involving user accounts
• Loss or theft of computing device
• Using FSU computing resources in the commission of a fraudulent activity
against the university, an individual, or an outside entity.
• Incidents involving a breach of CJIS information.
IT Security Incidents Reported to Human Resources
• Misuse of FSU IT resources is described in 4-OP-H-5 with some examples
below:
• Commercial use of IT resources that is not pre-approved
• Advertisement for personal gain in FSU.EDU websites
• Use of IT resources that interferes with the performance of
an employee’s job
• Use of IT resources that results in an incremental cost to the University
Types of Major Security Incidents Reported to the FSU Director of Information Security and Privacy
• Breach of Personally Identifiable Information (PII).
• Root or system-level attacks on mission critical information
system(s): desktop, laptop, tablet, server, storage device, or
network infrastructure.
• Compromise of restricted protected service accounts or
software installations, for data classified as “Protected” or
“Private”.
• Denial of Service attacks that impair FSU resources.
• Malicious code attacks including malware infections on
devices that allow an unauthorized user access to data.
Types of Major Security Incidents Reported (cont’d)
• Open mail relay used to forward spam or other unauthorized
communications with FSU email system.
• Compromise of user logon account credentials.
• Denial of service on individual user accounts.
• Other attacks that may constitute a risk to confidentiality,
integrity, or availability of university data or systems.
Types of Minor security incidents
• Virus infections on servers and end-points
Departmental Response to IT Security Incidents
• Isolation and Protection of Compromised Devices
• Discontinue use of that device immediately
• Do not power off the device
• Disconnect the Network Cable at the Network Jack
• Isolate computer to prevent any further use.
• Preserve logs
• Contact FSUPD, HR, Director of Information Security and Privacy, to
assist in investigation
• If necessary get a backup of the hard drive.
• Identification of Personally Identifiable Data
• Calculation of Campus Unit Fiscal Cost to Remediate
Type of Attacks
• Phishing
• Ransomware
• Denial of Service
• Stolen Property
• Compromised File
