EU Cyber Attacks And The Incident Response Imperative
“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
– PC Magazine, Editor’s Choice
“Co3…defines what software packages for privacy look like.”
– Gartner
“Platform is comprehensive, user friendly, and very well designed.”
– Ponemon Institute
“One of the most important startups in security…”
– Business Insider
“One of the hottest products at RSA…”
– Network World
“...an invaluable weapon when responding to security incidents.”
– Government Computer News
“Co3 has done better than a home-run... it has knocked one out of the park.”
– SC Magazine
“Most Innovative Security Startup.”
– RSA Conference
We’ll get started in just a minute.
EU Cyber Attacks & The Incident Response Imperative
Agenda
Introductions
Co3 Systems Background
Today’s Breach Reality
IR Functional Components
IR Management Demo
Q&A
Introductions: Today’s Speakers
• Ted Julian, Chief Marketing Officer, Co3 Systems
• Tim Armstrong, Security Incident Response Specialist, Co3 Systems
Bringing people, process, and technology together for times of crisis
[Diagram labels]
• SSAE 16 Type II certified
• Dashboards & reporting
• Incident response plan
• Plan synthesis, integrated intelligence, artifact correlation
• Instant creation & streamlined collaboration: HR, IT, Legal/Compliance, Marketing
• Community best practices, industry standard frameworks, organizational SOPs, global privacy breach regulations, contractual requirements
• Accelerated mitigation: trouble ticketing, SIM, GRC
• Automated escalation: email, web form, trouble ticketing, entry wizard, SIM
Today’s Breach Reality – The EU Conundrum
• Data in the U.S. and anecdotal experience suggest a worldwide epidemic
• But without mandated public breach disclosure across the E.U., data is limited, and it’s hard to quantify
Today’s Breach Reality
Source: Verizon DBIR 2014
Incident classification patterns over time
Today’s Breach Reality
• 81% of large organisations had a security breach (down from 86%* a year ago)
• 60% of small businesses had a security breach (down from 64%* a year ago)
• 59% of respondents expect there will be more security incidents in the next year than last
• £600k - £1.15m: average cost to a large organisation of its worst security breach of the year (up from £450 - £850k a year ago)
• £65k - £115k: average cost to a small business of its worst security breach of the year (up from £35 - £65k a year ago)
Source: 2014 Information Security Breaches Survey, PwC
U.K. Breaches Are Slightly Down But Costs Are Way Up
Co3 Systems, Inc.
IR Can Help
An IR plan and a strong security posture reduce expense
Impact of eight factors on the per capita cost of data breach
Source: 2014 Cost of Data Breach Study: Global Analysis, IBM & Ponemon Institute
POLL
The IR Lifecycle
Prepare: Improve Organizational Readiness
• Appoint team members
• Fine tune response SOPs
• Link in legacy applications
• Run simulations (fire drills, table tops)
Assess: Identify and Evaluate Incidents
• Assign appropriate team members
• Evaluate precursors and indicators
• Track incidents, maintain logbook
• Automatically prioritize activities based on criticality
• Log evidence
• Generate assessment
Manage: Contain, Eradicate and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
Mitigate: Document Results & Improve Performance
• Generate reports for management, auditors, and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
Prepare
• Incident response teams often include:
  – IT, Legal (internal and/or external), Compliance, Audit, Privacy, Marketing, HR, Senior Executive
  – Pre-define roles and responsibilities
    • RACI (Responsible, Accountable, Consulted, Informed)
• SOPs can include:
  – Processes to be followed by incident type
  – Standardized interpretation of legal / regulatory requirements
  – 3rd party contractual requirements
• Simulations
  – Can range from drills to full-scale exercises
  – Communications is key
    • Roles, contact info, internal and external
  – Gauge organization preparedness, catalyze improvement
PREPARE
Assess
• Prioritize efforts
– Based on value of asset, potential for customer impact, risk of fines, and other risks
• Leverage threat intelligence
• Incident declaration matrix
– Based on category and severity level
– Can set SLAs for each
ASSESS
POLL
Manage
• Iterate on your plan
• Communicate status
– Different mechanisms for different constituents
• Ensure everything is tracked
MANAGE
Mitigate
• Conduct a post-mortem
  – Validate investment or lobby for more
  – Identify areas for improvement
    • Did we hit our SLAs?
  – Update playbooks
• Track incident source
  – Pinpoint risk to drive improvement, and/or trigger bill-back
• Update preventative and detective controls
MITIGATE
QUESTIONS
Next Up
• Today's Breach Reality, The IR Imperative, And What You Can Do About It
– Wednesday, July 16, 2014 1:00 PM - 2:00 PM EDT
• BlackHat 2014
– August 5-7, Las Vegas
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
– PC Magazine, Editor’s Choice
“Co3…defines what software packages for privacy look like.”
– Gartner
“Platform is comprehensive, user friendly, and very well designed.”
– Ponemon Institute
“One of the hottest products at RSA…”
– Network World, February 2013