What To Do After A Cyberattack: A Cybersecurity Incident Response Plan
www.accellis.com
The Three A's of Incident Response
The Importance
• 1 in 4 law firms have reported being breached, according to an ABA survey
• Regulatory, insurance, and client confidentiality concerns
• Remove the paralysis and get back to business faster and safer
• Demonstrate that the firm is serious about cybersecurity
The Three A's of Incident Response
1. Ammunition: Incident response tools are the first line of defense. Checklists, trained teams, IT support, and more are the ammunition of an effective response.
2. Attribution: Understanding where an attack is coming from can help you understand an attacker's intention as well as their technique, especially if you use real-time threat intelligence.
3. Awareness: The most fundamental security control is an educated and aware user. Effective incident identification AND recovery often starts and ends with a well-informed end-user.
Building Your Team
The Members
• Security Manager/Security Committee: Point of contact for coordinating the incident response
• IT Director/Staff: Provides technical support and the response to contain the threat while preserving forensic data
• Marketing/Public Relations: Coordinates efforts related to client communication
• Managing Partner/Exec. Committee: Makes business decisions regarding the firm's response
Your Response Planning Guide
Response Stages
1. Identification/Investigation
2. Containment
3. Eradication/Recovery
4. Communications/Reporting Obligations
5. Documentation
Response Planning

Stage 1: Identification/Investigation
Response team: End-users, IT Staff, Security Manager/Committee
Key questions and tasks:
• Is this an incident that requires attention now?
• Which assets are impacted?
• When did the event occur?

Stage 2: Containment
Response team: IT Staff, Security Manager/Committee
Key questions and tasks:
• Is the threat isolated?
• What are the containment options?
• Initiate the containment plan
• First stop the spread or close the network gap

Stage 3: Eradication/Recovery
Response team: Forensics Group/IT Staff, IT Staff, Security Manager/Committee
Key questions and tasks:
• Will the fix destroy forensic evidence that may still be needed?
• Will new equipment be required?

Stage 4: Communications/Reporting
Response team: Security Manager/Committee, Firm Leadership, Authorities, Insurance
Key questions and tasks:
• Is the Response team required?
• Notify firm stakeholders
• Will outside counsel be needed?
• Do authorities need to be contacted?

Stage 5: Document Update
Response team: Security Manager/Committee, IT Staff
Key questions and tasks:
• What systems and data were affected?
• How did it happen?
• What can be done to mitigate the risk in the future?
What's Unique To Law Firms
• Law firms are data driven
• Practice areas dictate the specific approach to incident response
  • Health Law: HIPAA obligations
  • Tax Law: IRS regulations
  • Specific client requirements: large banks, IP, etc.
Malware Infection

Stage 1: Identification/Investigation
Response team: End-users, IT Staff, Security Manager/Committee
• Immediate action is required to review the affected assets
• Knowing the date of infection helps establish how long it has been going on

Stage 2: Containment
Response team: IT Staff, Security Manager/Committee
• Isolate the infected PC/server from the network. This prevents the infection from spreading or causing more issues

Stage 3: Eradication/Recovery
Response team: Forensics Group/IT Staff, IT Staff, Security Manager/Committee
• Perform virus scans or a complete wipe and reinstall
• If required, forensic imaging is to occur first, prior to re-imaging the desktop

Stage 4: Communications/Reporting
Response team: Security Manager/Committee, Firm Leadership, Authorities and Insurance
• Response team is notified
• Depending on the type of virus and whether information was accessed, stakeholders should be notified

Stage 5: Document Update
Response team: Security Manager/Committee, IT Staff
• Update virus signatures
• Document unique identifiers of the infection to create new rules/alerts
Unauthorized Access

Stage 1: Identification/Investigation
Response team: End-users, IT Staff, Security Manager/Committee
• Immediate action is required to find the point of entry and what systems were accessed
• Discovery of the affected systems will also aid with corrective and preventative controls in the future

Stage 2: Containment
Response team: IT Staff, Security Manager/Committee
• Disable the user account and notify the affected user
• Review file audit logs to determine what information was accessed

Stage 3: Eradication/Recovery
Response team: Forensics Group/IT Staff, IT Staff, Security Manager/Committee
• Change all passwords associated with the affected user's account
• Incorporate account lockout policies
• Gather and preserve all access log information

Stage 4: Communications/Reporting
Response team: Security Manager/Committee, Firm Leadership, Authorities and Insurance, Marketing
• Response team is notified
• Stakeholders and clients are to be notified depending on the information that was accessed

Stage 5: Document Update
Response team: Security Manager/Committee, IT Staff
• Document the incident
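Added example (not part of the Accellis deck): a small Python triage of a file-access audit log that works through the Unauthorized Access stages above, from "when did the event occur?" to "what information was accessed?", which clients are in scope for notification, and preserving the log evidence. The pipe-delimited log format, the `/dms/clients/<client>/` folder layout, the user names and the trusted network range are all constructed assumptions; a real system's audit trail (Windows 4663 events, auditd, a DMS audit log) would need its own parser but the same questions.

```python
"""Audit-log triage for the Unauthorized Access playbook (constructed example).

Assumptions: log lines are timestamp|user|action|path|source_ip, client matters
live under /dms/clients/<client>/, and the office range is FIRM_NETWORKS.
"""
from __future__ import annotations

import hashlib
import ipaddress
import json
from dataclasses import dataclass
from datetime import datetime

# Constructed sample file-access audit log, one event per line.
SAMPLE_LOG = """\
2024-03-04T08:55:10Z|jdoe|READ|/dms/clients/acme/contract.docx|10.0.4.21
2024-03-04T22:13:02Z|jdoe|READ|/dms/clients/acme/merger_memo.docx|203.0.113.7
2024-03-04T22:13:40Z|jdoe|READ|/dms/clients/beta/tax_return_2023.pdf|203.0.113.7
2024-03-04T22:15:05Z|jdoe|COPY|/dms/clients/beta/tax_return_2023.pdf|203.0.113.7
2024-03-04T22:16:00Z|asmith|READ|/dms/clients/acme/contract.docx|10.0.4.30
2024-03-05T09:02:11Z|jdoe|READ|/dms/clients/acme/contract.docx|10.0.4.21
"""

FIRM_NETWORKS = ["10.0.4.0/24"]  # assumed office range; anything else is "outside"


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    user: str
    action: str
    path: str
    source_ip: str


def parse_log(text: str) -> list[AccessEvent]:
    """Parse the constructed pipe-delimited format into timestamp-sorted events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path, ip = line.split("|")
        # fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
        stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(AccessEvent(stamp, user, action, path, ip))
    return sorted(events, key=lambda e: e.ts)


def incident_start(events: list[AccessEvent], user: str, trusted: list[str]) -> datetime | None:
    """Identification: 'when did the event occur?' Taken here as the earliest use
    of the account from an address outside the firm's networks."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for ev in events:
        if ev.user == user and not any(ipaddress.ip_address(ev.source_ip) in n for n in nets):
            return ev.ts
    return None


def files_accessed(events: list[AccessEvent], user: str, start: datetime) -> dict[str, list[str]]:
    """Containment: 'review file audit logs to determine what information was
    accessed.' Every path the account touched from the incident start onwards is
    kept, including later in-office activity, because the account's ownership
    cannot be trusted until it has been disabled and its passwords reset."""
    touched: dict[str, list[str]] = {}
    for ev in events:
        if ev.user == user and ev.ts >= start:
            touched.setdefault(ev.path, []).append(
                f"{ev.ts.isoformat()} {ev.action} from {ev.source_ip}")
    return touched


def affected_clients(paths, root: str = "/dms/clients/") -> list[str]:
    """Communications: which client matters are in scope for notification."""
    return sorted({p[len(root):].split("/")[0] for p in paths if p.startswith(root)})


def preservation_record(raw_log: str, label: str) -> dict:
    """Eradication/Recovery: 'gather and preserve all access log information.'
    Hash the raw log before any cleanup so its integrity can be shown later."""
    data = raw_log.encode()
    return {"label": label, "bytes": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def triage(raw_log: str, user: str, trusted: list[str]) -> dict:
    """Run the playbook questions against one log and one compromised account."""
    events = parse_log(raw_log)
    start = incident_start(events, user, trusted)
    files = files_accessed(events, user, start) if start else {}
    return {
        "account": user,
        "incident_start": start.isoformat() if start else None,
        "files": files,
        "clients": affected_clients(files),
        "evidence": preservation_record(raw_log, "file-audit-log"),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG, "jdoe", FIRM_NETWORKS), indent=2))
```

The in-office access on the morning of 2024-03-05 is deliberately kept in scope: the account had not yet been disabled, so the playbook's "disable the user account" step is what lets you stop extending the window.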
Mobile Device Loss

Stage 1: Identification/Investigation
Response team: End-users, IT Staff, Security Manager/Committee
• Immediate attention is required
• Determine the end user and what kind of device was lost

Stage 2: Containment
Response team: IT Staff, Security Manager/Committee
• Reset the end user's account access
• Remote wipe of the lost device (laptop, tablet, smartphone)

Stage 3: Eradication/Recovery
Response team: Forensics Group/IT Staff, IT Staff, Security Manager/Committee
• Replace the device

Stage 4: Communications/Reporting
Response team: Security Manager/Committee, Firm Leadership, Authorities and Insurance
• Notifying the Response team is optional
• Stakeholders should be notified if sensitive information was on the device

Stage 5: Document Update
Response team: Security Manager/Committee, IT Staff
• Update the asset inventory
• Update the insurance policy if necessary
Key Tips
• Get executive and partner buy-in
• Document everything you can BEFORE an incident
• Fully understand your cybersecurity insurance policy
• Know the response notification laws where you practice
• Write it out, then try it through table-top exercises, make adjustments, and practice it again
• Keep your response fully documented
Key Tips
• An incident response plan isn't just an IT thing; it requires multiple people at many levels communicating together
• Reduce downtime through quick responses
• Clients and other stakeholders are reassured that the firm takes cybersecurity seriously
About Accellis Technology Group
Specialized IT services company providing:
• Managed IT Services
• Cybersecurity & Risk Management
• Software Consulting
• Application Development & Integration
Target market: small to mid-sized firms (5-250 users)
Target verticals: legal, financial and non-profits
20 employees in Ohio office

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 

What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presented by Accellis Technology Group

1. What To Do After A Cyberattack: A Cybersecurity Incident Response Plan

3. The Importance
• 1 in 4 law firms have reported being breached according to ABA survey
• Regulatory, insurance, and client confidentiality concerns
• Remove the paralysis and get back to business faster, safer
• Demonstrate the firm is serious about cybersecurity
www.accellis.com

4. The Three A’s of Incident Response
1. Ammunition: Incident response tools are the first line of defense. Checklists, trained teams, IT support, and more are the ammunition of an effective response.
2. Attribution: Understanding where an attack is coming from can help you understand an attacker’s intention as well as their technique, especially if you use real-time threat intelligence.
3. Awareness: The most fundamental security control is an educated and aware user. Effective incident identification AND recovery often starts and ends with a well-informed end-user.

6. The Members
• Security Manager/Security Committee: Point for coordinating the Incident Response
• IT Director/Staff: Provides technical support and response to contain the threat while preserving forensic data
• Marketing/Public Relations: Coordinates efforts related to client communication
• Managing Partner/Exec. Committee: Makes business decisions regarding the firm’s response

8. Response Stages
1. Identification/Investigation
2. Containment
3. Eradication/Recovery
4. Communications/Reporting Obligations
5. Documentation
9. Response Planning

| Response Stage | Identification/Investigation | Containment | Eradication/Recovery | Communications/Reporting | Document Update |
|---|---|---|---|---|---|
| Response Team | End-users; IT Staff; Security Manager/Committee | IT Staff; Security Manager/Committee | Forensics Group/IT Staff; IT Staff; Security Manager/Committee | Security Manager/Committee; Firm Leadership; Authorities, Insurance | Security Manager/Committee; IT Staff |
| Key Questions & Tasks | Is this an incident that requires attention now? Which assets are impacted? When did the event occur? | Is the threat isolated? What are the containment options? Initiate the containment plan: first stop the spread or close the network gap | Determine whether the fix will delete forensic evidence (if it is needed); Will new equipment be required? | Is the Response team required? Notify firm stakeholders; Will outside counsel be needed? Do authorities need to be contacted? | What systems and data were affected? How did it happen? What can be done to mitigate the risk in the future? |
10. What’s Unique To Law Firms
• Law firms are data driven
• Practice areas dictate a specific approach to incident response
• Health Law: HIPAA obligations
• Tax Law: IRS regulations
• Specific Client Requirements: Large banks, IP, etc...
11. Malware Infection

| Response Stage | Identification/Investigation | Containment | Eradication/Recovery | Communications/Reporting | Document Update |
|---|---|---|---|---|---|
| Response Team | End-users; IT Staff; Security Manager/Committee | IT Staff; Security Manager/Committee | Forensics Group/IT Staff; IT Staff; Security Manager/Committee | Security Manager/Committee; Firm Leadership; Authorities and Insurance | Security Manager/Committee; IT Staff |
| Malware Infection | Immediate action required to review affected assets; Knowing the date helps in finding how long the infection has been going on | Isolate the infected PC/server from the network. This prevents the infection from spreading or causing more issues | Perform virus scans or a complete wipe and re-install; If required, forensic imaging is to occur first, prior to re-imaging the desktop | Response team is notified; Depending on the type of virus and whether information was accessed, stakeholders should be notified | Update virus signatures; Document unique identifiers of the infection to create new rules/alerts |
12. Unauthorized Access

| Response Stage | Identification/Investigation | Containment | Eradication/Recovery | Communications/Reporting | Document Update |
|---|---|---|---|---|---|
| Response Team | End-users; IT Staff; Security Manager/Committee | IT Staff; Security Manager/Committee | Forensics Group/IT Staff; IT Staff; Security Manager/Committee | Security Manager/Committee; Firm Leadership; Authorities and Insurance; Marketing | Security Manager/Committee; IT Staff |
| Unauthorized Access | Immediate action required to find the point of entry and what systems were accessed; Discovery of affected systems will also aid with corrective and preventative controls in the future | Disable the user account and notify the affected user; Review file audit logs to determine what information was accessed | Change all passwords associated with the affected user’s account; Incorporate account lockout policies; Gather and preserve all access log information | Response team notified; Stakeholders and clients are to be notified depending on the information that was accessed | Document the incident |
13. Mobile Device Loss

| Response Stage | Identification/Investigation | Containment | Eradication/Recovery | Communications/Reporting | Document Update |
|---|---|---|---|---|---|
| Response Team | End-users; IT Staff; Security Manager/Committee | IT Staff; Security Manager/Committee | Forensics Group/IT Staff; IT Staff; Security Manager/Committee | Security Manager/Committee; Firm Leadership; Authorities and Insurance | Security Manager/Committee; IT Staff |
| Mobile Device Loss | Immediate attention is required; Determine the end user and what kind of device was lost | Reset the end user’s account access; Remote wipe of the lost device (laptop, tablet, smart phone) | Replace the device | Notifying the Response team is optional; Stakeholders should be notified if sensitive information was on the device | Update asset inventory; Update insurance policy if necessary |
15. Key Tips
• Get executive and partner buy-in
• Document everything you can BEFORE an incident
• Fully understand your cybersecurity insurance policy
• Know the response notification laws where you practice
• Write it out, then try it through table-top exercises, make adjustments, and practice it again
• Keep your response fully documented

16. Key Tips
• An incident response plan isn’t just an IT thing; it requires multiple people on many levels communicating together
• Reduce downtime through quick responses
• Clients and other stakeholders are reassured that the firm takes cybersecurity seriously

17. About Accellis Technology Group
Specialized IT Services Company providing
• Managed IT Services
• Cybersecurity & Risk Management
• Software Consulting
• Application Development & Integration
Target market: small to mid-sized firms (5-250 users)
Target verticals: legal, financial and non-profits
20 employees in Ohio office