Ic Sconf2010presentation Dp Bh
Uploaded by brian-honan
ICS Data Protection Conference 2010
Data Breach!! What Next?
2nd Annual ICS Data Protection Conference
Infosec Professional Certainties
Typical IT Security
But …
Controls Will be Bypassed
Traditional Incident Response
• Ad hoc & Unplanned
• Deal with it as it happens
• Prolonged Recovery Times
• Damage to Company
• Lack of Metrics
• Legal Issues
• Bad Guys/Gals Getting Away
IT Manager In Line Of Fire
Why Improve Incident Response?
Fail to Prepare – Prepare to Fail
Why Improve Incident Response?
So Far in 2010
Increasing Number of Irish Incidents
WWW.IRISS.IE
• Membership is Free
Establish Team
• Information Security
• Operations
• Human Resources
• Legal
• Public Relations
• Facilities Management
Set up Alerting Mechanisms
Identify Tools
Standard Operating Procedures
Agree Authority of IRT
Establish External Relationships
Practice Makes Perfect
Response Process
Don’t
Do Nothing!!
Contain the Incident
Eradicate the Root Cause
Recover Systems
Monitor
Communicate Regularly
Disclosure?
More information
• CSIRT Handbook
http://www.cert.org/archive/pdf/csirt-handbook.pdf
• Forming an Incident Response Team
http://www.auscert.org.au/render.html?it=2252
• Incident Response White Paper – BH Consulting
http://www.bhconsulting.ie/Incident%20Response%20White%20Paper.pdf
• RFC 2350: Expectations for Computer Security Incident Response
http://www.rfc-archive.org/getrfc.php?rfc=2350
• Organisational Models for Computer Security Incident Response Teams
http://www.cert.org/archive/pdf/03hb001.pdf
• The SANS Institute’s Reading Room
http://www.sans.org/reading_room
More Resources
• Guidelines for Evidence Collection and Archiving (RFC 3227)
http://www.ietf.org/rfc/rfc3227.txt
• Resources for Computer Security Incident Response Teams (CSIRTs)
http://www.cert.org/csirts/resources.html
• RFC 2196: Site Security Handbook
http://www.faqs.org/rfcs/rfc2196.html
• ENISA Step by Step Guide for setting up CERTS
http://enisa.europa.eu/doc/pdf/deliverables/enisa_csirt_setting_up_guide.pdf
• CSIRT Case Classification (Example for enterprise CSIRT)
http://www.first.org/resources/guides/csirt_case_classification.html
Questions?
www.twitter.com/brianhonan
www.bhconsulting.ie/securitywatch
Tel: +353-1-4404065
Thank you