
Incident Management & Forensics The Workshop for Cool People!

Incident Management & Forensics The Workshop for Cool People! Date: 3rd May, 2008. Hosted by: Neil Hare-Brown MSc CISA CISSP MBCS CITP. Introduction - Who are QCC?


Presentation Transcript


  1. Incident Management & Forensics The Workshop for Cool People! Date: 3rd May, 2008 • Hosted by: Neil Hare-Brown MSc CISA CISSP MBCS CITP

  2. Introduction - Who are QCC? QCC formed in 1996 to provide expert advice to business and government on information security, risk assessment, incident response, training in computer crime and forensics. • Principals are ex-Met Computer Crime Unit, NHTCU, Ops Tech Support Unit and Military. • Main work concerns incident response and management (inc. computer forensics) and training others to deal with incidents (inc. Info Sec training with Royal Holloway). • Architects of Blackthorn: web-app used by many orgs to manage security incidents, assessments & real-time risk.

  3. Current Incident Hype? What do we know about incidents? • Let's face it: Incidents are sexy! • Management want to know • The entire workforce wants to know • The media wants to know • So what do we know? • V. little?? • Most organisations do not record security incidents with any detail • Information is often lost amongst service incident stats • Industry surveys cannot be that accurate because their source data is flawed

  4. Why Incident Management needs to be Improved! Further compounded is.. • Most incidents are managed as ‘unique events’ • Response often involves different people each time • We learn very little from them • We find it hard to give management any meaningful stats • Incident data (our risk experience) is not cross-correlated into our risk analysis so we don’t know if what we expected (and told management) was what we experienced! • We therefore find it very hard/impossible to show ROSI and justify our control recommendations • The business decides/has to accept the risk with no empirical data: it’s like car insurers covering you with no RTA data..whooah! Heavy Premiums!

  5. Interesting Approaches (so far) The Trouble with Stove Piping! • Like other areas of security, R&D in this area has been particularly polar; examples: CERTs (IT Sec), NISCC (InfoSec), Civil Contingencies Secretariat (Physical) • How many types of incident exist in just one of these areas exclusively? • Nearly all incidents need (for effective response) a blend of expertise from across [and sometimes external to] an organisation. CPNI recognise and have aligned to this! • There is a need to take a more holistic view in detecting, recording, managing and learning from security incidents • There are techniques and expertise that are required depending on the incident type, e.g. Digital Forensics

  6. Digital Forensics Discover the “Smoking Gun” of the hi-tech world • Where might you need DF? • Types of incident • Location, location, location • DF and the law • What to look for and expect from a competent DF supplier • What to do when you think you might need DF • Standards & best practice

  7. Why My Workshop?? Come on – you know you want it! • Understand how to break the problem down and SOLVE IT! • Get cool reference to standards/best practice & tools • Learn how to close the virtuous circle of security risk management • Determine the metrics and information (and expertise) that could be securely shared to enable WARPs to manage incidents effectively and drive risk down • Be “In with the In Crowd” • Go where the “In Crowd” goes…. • …to the Incident Management & Forensics workshop!

  8. COME ON! neilhb@qcc.co.uk Neil Hare-Brown +44 (0)207 353 9000 www.qccis.com
