Incident Response
And a debrief of UNM’s response to the Heartbleed vulnerability

Presented by:
Michael Burlison, Information Security Analyst – CISSP, GCIH, GSEC
Lucas Walker, Information Security Analyst - GSEC

What happened and why you should care…

What IT did

• Researched scope of problem

• Identified vulnerable systems

• Updated and patched core IT-managed systems

• Revoked and re-issued SSL certificates

• Involved the community:
  • Notified departmental IT areas

• Posted alerts

• Involved help desk

• Provided instructions to users

• Issued password resets for impacted services

What IT is doing:

• Scanning and monitoring for vulnerable systems on the network

• Monitoring Intrusion Prevention Systems (IPS) for Heartbleed activity

• De-briefing stakeholders and decision makers, “Lessons Learned”

• Researching for patches that are still being deployed

Incident Response Plan

• Is an action plan for dealing with intrusions, cyber-theft, denial of service, malicious code, natural disasters, and other security-related events

• Incidents can be intentional or unintentional

• Incident Response Plans help you know what to do when an incident occurs.

• Not a matter of “IF,” but of “WHEN”

• Planning is (almost) everything!

Incident Response Plan

• DoE’s 6 Step Process:
  1. Prepare
  2. Identify
  3. Contain
  4. Eradicate
  5. Recover
  6. Lessons Learned

Key Mistakes

• Failure to report or ask for help

• Incomplete / non-existent notes

• Mishandling / destroying evidence

• Failure to:
  • Create working backups
  • Contain or eradicate
  • Prevent re-infection
  • Apply lessons learned

Legal Aspects

• Plans, policies, and procedures developed for incident handling must:
  • Comply with applicable laws
  • Be reviewed by legal counsel & key stakeholders

• Unless you are a lawyer in OUC, you are not the expert. Work closely with legal counsel

• Regulations:
  • FERPA
  • PCI
  • GLBA
  • HIPAA
  • ITAR

• Reporting security breaches, cyber-insurance, international standards (ISO 17799)

UNM Incident Response Plan

• Draft will be distributed to this audience

• PCI version is on cio.unm.edu/standards

• ERP version is posted on Banner ERP sites
  • Is being updated
  • Will be posted to CIO Standards page

Q&A

• Help.unm.edu

[email protected]

• it.unm.edu/security
