Building a Cybersecurity Incident Response Program
EDWARD MARCHEWKA, CISSP
http://bit.ly/marchewka
Some Quotes…
o Doing anything in panic mode is never a good idea.
o Marchewka
o An ounce of prevention is worth a pound of cure.
o Benjamin Franklin
o I will prepare and some day my chance will come.
o Abraham Lincoln
Disclaimers
o Everything stated in this message is to be considered my own opinion, and not an official representation of Gift of Hope or any other Gift of Hope employees.
o There may be bad jokes for which I do not apologize.
o Just a couple extras… Actual mileage may vary. Price does not include tax, title, and license. Some assembly required. Each sold separately. Batteries not included. Objects in mirror are closer than they appear. If conditions persist, contact a physician. Keep out of reach of children. Avoid prolonged exposure to direct sunlight. Keep in a cool dark place.
o Any spelling and grammar mistakes in this article are all entirely my fault and on purpose.
o Citation: Merriam-Webster's collegiate dictionary (10th ed.). (1993). Springfield, MA: Merriam-Webster.
Some interesting notes...
https://www2.fireeye.com/rs/848-DID-242/images/Mtrends2016.pdf
Agenda
o Risk Assessment
o Outside Counsel
o Communications
o End Users
o Law Enforcement
o Forensics Team
o Planning
Risk Assessment
o Perform a risk assessment
o Use a risk register
o You should already have done it – compliance requires it
o HIPAA
o PCI
o NIST
o Need help – NIST 800-30
o http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
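The two bullets above ("use a risk register" and "NIST 800-30") are easier to act on with a concrete structure. The block below is an added example, not code from the talk: it keeps a small risk register, rates each entry with the qualitative likelihood and impact scales that SP 800-30 Rev. 1 uses (Very Low through Very High), and derives a risk level from a combination matrix. The matrix is a simplification modelled on the style of 800-30's Appendix I, not a verbatim copy, and the four register entries are constructed sample data.

```python
"""Minimal risk register with an SP 800-30 style qualitative risk matrix.

Added example; the scale names follow NIST SP 800-30 Rev. 1, the combination
matrix is a hypothetical simplification in that document's style, and the
sample entries are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List

LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Row = likelihood, column = impact, both indexed by position in LEVELS.
# Hypothetical matrix in the spirit of SP 800-30 Appendix I (not the exact table).
RISK_MATRIX = [
    # impact:  Very Low    Low         Moderate    High        Very High
    ["Very Low", "Very Low", "Very Low", "Low",      "Low"],        # likelihood Very Low
    ["Very Low", "Low",      "Low",      "Low",      "Moderate"],   # likelihood Low
    ["Very Low", "Low",      "Moderate", "Moderate", "High"],       # likelihood Moderate
    ["Very Low", "Low",      "Moderate", "High",     "Very High"],  # likelihood High
    ["Very Low", "Low",      "Moderate", "High",     "Very High"],  # likelihood Very High
]


def risk_level(likelihood: str, impact: str) -> str:
    """Combine a qualitative likelihood and impact into a qualitative risk level."""
    if likelihood not in LEVELS or impact not in LEVELS:
        raise ValueError(f"likelihood/impact must be one of {LEVELS}")
    return RISK_MATRIX[LEVELS.index(likelihood)][LEVELS.index(impact)]


@dataclass
class RiskEntry:
    ident: str          # register id, e.g. R-01
    threat_event: str   # what could happen
    likelihood: str     # one of LEVELS
    impact: str         # one of LEVELS
    owner: str          # who is accountable for treating the risk
    regulation: str     # driver from the compliance bullet (HIPAA, PCI, ...)
    control: str = ""   # planned or existing mitigation

    def level(self) -> str:
        return risk_level(self.likelihood, self.impact)


class RiskRegister:
    def __init__(self) -> None:
        self.entries: List[RiskEntry] = []

    def add(self, entry: RiskEntry) -> None:
        entry.level()  # validate scales on entry, not at report time
        self.entries.append(entry)

    def prioritized(self) -> List[RiskEntry]:
        """Highest risk first; stable sort keeps register order within a level."""
        return sorted(self.entries, key=lambda e: -LEVELS.index(e.level()))

    def at_or_above(self, threshold: str) -> List[RiskEntry]:
        """Entries whose risk level meets a treatment threshold (e.g. 'High')."""
        floor = LEVELS.index(threshold)
        return [e for e in self.entries if LEVELS.index(e.level()) >= floor]

    def to_csv(self) -> str:
        rows = ["id,threat_event,likelihood,impact,risk,owner,regulation,control"]
        for e in self.prioritized():
            rows.append(",".join([e.ident, e.threat_event, e.likelihood, e.impact,
                                  e.level(), e.owner, e.regulation, e.control]))
        return "\n".join(rows)


def build_sample_register() -> RiskRegister:
    """Constructed sample entries (not from the slides)."""
    reg = RiskRegister()
    reg.add(RiskEntry("R-01", "Phishing leads to credential theft", "High", "High",
                      "IT Security", "HIPAA", "MFA; phishing awareness"))
    reg.add(RiskEntry("R-02", "Ransomware on file server", "Moderate", "Very High",
                      "Infrastructure", "HIPAA", "Offline backups; EDR"))
    reg.add(RiskEntry("R-03", "Lost unencrypted laptop with PHI", "Low", "High",
                      "Endpoint Team", "HIPAA", "Full-disk encryption"))
    reg.add(RiskEntry("R-04", "Public web server denial of service", "Moderate", "Low",
                      "Web Team", "PCI", "Upstream DDoS protection"))
    return reg


if __name__ == "__main__":
    print(build_sample_register().to_csv())
```

The register is deliberately small: the point is that every entry carries an owner, a compliance driver and a derived level, so the "you should already have done it" bullet becomes a sortable list that feeds incident planning rather than a document nobody opens again.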
Outside Counsel
o Partner with outside counsel
o Look for someone (or a firm) with cyber experience
o Reduce your risk/liability by protecting your communications under privilege
o Notify them first in the event of a suspected breach, data loss, or incident
Communications
o Prepare, prepare, prepare
o Templates (fill in the blank)
o Get as many scenarios ready as you can
o Get approvals to use templates – thresholds or guidelines
o Internal comms, external comms, media comms
End Users
o They are going to need leadership
o Most don’t listen
o Think for them and be proactive
o Most want to do what is right
Law Enforcement
o Don’t be afraid to involve law enforcement
o Have contacts ahead of time
o FBI via Chicago InfraGard
o Secret Service via Chicago Electronics Crimes Task Force
o DHS via Chicago InfraGard
o Local and State PD – Jurisdiction issues or questions
Forensics Team
o Know your action plan with respect to forensics
o Have some staff on hand to begin gathering or at least preservation
o Have a forensics team on retainer or at least as a partner
o If the organization is large enough, have forensics tools on hand
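"Begin gathering or at least preservation" is the step first responders most often get wrong, because a copy without a hash and a custody record is hard to rely on later. The block below is an added example (not code from the talk) of the minimum a staff member can do before the retained forensics partner arrives: copy the artifact into a preservation area without touching the original, hash source and copy with SHA-256, append a chain-of-custody record, and re-verify the copy later. The sample log line, the collector name and the directory layout are all constructed assumptions.

```python
"""Evidence preservation helper: copy, hash, record custody, verify.

Added example, not from the talk. The collector name, directory layout and
the sample log line are constructed for illustration.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def preserve(src: str, dest_dir: str, collector: str, note: str = "") -> dict:
    """Copy src into dest_dir, confirm the copy matches, and append a custody record.

    The original is only ever read; copy2 preserves its timestamps on the copy.
    """
    os.makedirs(dest_dir, exist_ok=True)
    src_hash = sha256_file(src)
    dest = os.path.join(dest_dir, f"{src_hash[:12]}_{os.path.basename(src)}")
    shutil.copy2(src, dest)
    if sha256_file(dest) != src_hash:
        raise RuntimeError("preserved copy does not match source hash")
    record = {
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "collector": collector,                 # assumed: who took the copy
        "source_path": os.path.abspath(src),
        "preserved_path": dest,
        "sha256": src_hash,
        "size_bytes": os.path.getsize(src),
        "note": note,
    }
    # One JSON object per line; the file grows as evidence is added, never rewritten.
    with open(os.path.join(dest_dir, "chain_of_custody.jsonl"), "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record


def verify(record: dict) -> bool:
    """Re-hash the preserved copy; False means it no longer matches its custody record."""
    path = record["preserved_path"]
    return os.path.exists(path) and sha256_file(path) == record["sha256"]


def demo() -> tuple:
    """Run the workflow on a constructed sample log in a temp dir.

    Returns (verified_before_tamper, verified_after_tamper) so the detection
    of a modified copy can be checked without inspecting printed output.
    """
    with tempfile.TemporaryDirectory() as work:
        sample = os.path.join(work, "auth.log")
        with open(sample, "w", encoding="utf-8") as f:
            # constructed sample line, not a real log
            f.write("Jan 01 00:00:01 host sshd[123]: Failed password for root from 192.0.2.10\n")
        rec = preserve(sample, os.path.join(work, "evidence"),
                       collector="analyst-on-call", note="triage copy")
        intact = verify(rec)
        with open(rec["preserved_path"], "a", encoding="utf-8") as f:
            f.write("tampered\n")  # simulate a later, unrecorded modification
        return intact, verify(rec)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The design choice worth noting is that the record stores the hash of the original at collection time, so a later verify() catches any change to the preserved copy, and the append-only custody log means the order of collection is itself part of the evidence.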
Planning
o Do table top exercises (TTXs)
o Do actual mock drills as part of the BC/DR plan
o Bring in outside parties to assist
o FBI
o Chicago FIRST
o many consultants
o Involve local OEMC
What we did…
o Risk Assessment
o Outside Counsel
o Communications
o End Users
o Law Enforcement
o Forensics Team
o Planning