
Navigating a Cybersecurity Incident: Plan, Prepare, Manage, Mitigate, Remediate

Learn how to effectively navigate a cybersecurity incident with strategies for planning, preparing, managing, mitigating, and remediating the incident. Develop an incident response plan, establish a CSIRT, and implement detection and remediation techniques. Also, gain insights on the administrative elements and considerations for engaging third-party contractors.





Presentation Transcript


  1. Incident Response – Navigating a Cybersecurity Incident (November 2015)

  2. Plan, Prepare, Manage, Mitigate and Remediate
     • Plan – Have a plan and test it
     • Prepare – Create a CSIRT and practice scenarios
     • Manage – Have a program for managing an incident
     • Mitigate – Plans of action to mitigate common scenarios
     • Remediate – Action plan for addressing gaps and issues

  3. Create an Incident Response Plan
     • Develop an Incident Response Plan
     • Multidisciplinary team
     • Roles and responsibilities
     • Line of authority
     • Triggers to activate the CSIRT
     • Status updates – timing

  4. Computer Security Incident Response Team (CSIRT)
     • Information Systems Services
       • Windows
       • Unix
       • Messaging
       • Networking
       • Help Desk
     • Information Security
     • Legal
     • Human Resources

  5. The Computer Security Incident Response Team
     • Strategies for different types of breaches
     • Technical response
     • Public relations response
     • Legal response

  6. Detection – Information Security
     • IDS – Intrusion Detection Systems
     • SIEM – Security Information and Event Management
     • FIM – File Integrity Monitoring Systems
     • FW – Firewall activity
     • AV – Anti-Virus alerts
     • Service Desk calls
     • Users
     • Customers

  7. Detection – Is this an incident?
     • Did you lose data?
     • How much data, and exactly what type?
     • Is the data loss ongoing?
     • Who knows about the data loss?
     • This information is going to guide the next phases of the response:
       • Will we need to report the loss?
       • How big is the loss – number of customers?
       • How will we manage the process?
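Slides 3, 6 and 7 together describe a triage step: alerts arrive from several detection sources, and defined triggers decide whether the CSIRT is activated and which data-loss questions the team must then answer. The following is an added illustration of that step, not code from the presentation; the alert records, the host names and the two activation triggers (corroboration by independent sources, or any evidence of data leaving) are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample alerts from the detection sources the deck lists
# (IDS, SIEM, FIM, FW, AV, service desk). Hosts and details are invented.
ALERTS = [
    {"source": "IDS", "host": "web01", "detail": "outbound beacon to unknown IP", "exfil_bytes": 0},
    {"source": "FIM", "host": "web01", "detail": "/etc/passwd modified", "exfil_bytes": 0},
    {"source": "FW", "host": "web01", "detail": "large transfer to unknown IP", "exfil_bytes": 2_400_000_000},
    {"source": "AV", "host": "hr-laptop", "detail": "PUP quarantined", "exfil_bytes": 0},
    {"source": "ServiceDesk", "host": "db02", "detail": "user reports slow login", "exfil_bytes": 0},
]

# Assumed CSIRT activation triggers for this example: two or more independent
# detection sources agreeing on one host, or any sign of data leaving.
MIN_CORROBORATING_SOURCES = 2

# The slide 7 questions that alert data alone cannot answer; the team owns these.
OPEN_QUESTIONS = ["what type of data?", "is the loss ongoing?", "who knows?", "is it reportable?"]


def triage(alerts):
    """Group alerts per host and decide, per host, whether to activate the CSIRT."""
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(alert)

    incidents = {}
    for host, items in by_host.items():
        sources = {a["source"] for a in items}
        exfil = sum(a["exfil_bytes"] for a in items)
        data_loss = exfil > 0
        activate = len(sources) >= MIN_CORROBORATING_SOURCES or data_loss
        incidents[host] = {
            "activate_csirt": activate,
            "sources": sorted(sources),
            "data_loss": data_loss,
            "exfil_bytes": exfil,
            # A single uncorroborated alert is tracked but does not activate the team.
            "open_questions": list(OPEN_QUESTIONS) if data_loss else [],
        }
    return incidents


if __name__ == "__main__":
    for host, record in triage(ALERTS).items():
        print(host, record)
```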

  8. Managing and mitigating the incident
     • Identify your organization's priorities
     • Nature of the incident
     • Restore affected or compromised systems
     • Apply corrective actions to any identified vulnerabilities
     • Apply countermeasures to security systems
     • Assign responsibility for correcting systemic issues
     • Track progress of all corrective actions
     • Validate that the actions taken are effective
     • Update your security policy and procedures

  9. Remediation
     • The goal of those engaged in a data breach and incident response is to:
       • Stop the bleeding – data loss
       • Quantify the loss
       • Secure your information systems
       • Fix any holes in your security and operations

  10. Lessons learned – Follow up
     • Actions to fix infrastructure and security are:
       • Assigned an owner who is responsible for the fix
       • Given adequate resources to address problems
       • Required to provide regularly scheduled updates until resolution

  11. Remediation – repairing the damage to the brand
     • For customers
       • Credit monitoring
       • Credit repair
       • Litigation services for anyone victimized by ID theft
     • Company image
       • Goodwill gestures
       • Awareness outreach to customers on data protection
       • Following up on all promises

  12. Consider Third Party Contractors – Digital Forensics and Crisis Response
     • Benefits of third party contractors
       • Equipped to deal with a crisis situation
       • Instant expertise
       • Typically can provide rapid response
       • Can provide you with legal cover
     • Issues with third party contractors
       • Cost – they can be expensive – $300 plus per hour
       • Delays in getting onsite – paperwork and travel
       • No guarantee of results

  13. Overview of Administrative Elements
     • Management roles and responsibilities
       • Leadership is essential to effective response
       • Let the team do its job, but keep informed of progress
       • Status meetings – as needed, but initially 3 a day
         • Current status
         • Tasks to complete
         • Next steps
         • Who is assigned
       • Be prepared to make timely and informed decisions
       • Keep tabs on staffing and watch for fatigue
       • Support your people and do not lose your temper
       • If staff do not perform or are ineffective you will need to decide how to proceed, but think before you act

  14. Overview of Administrative Elements
     • Public relations
       • Single message – clear, concise and to the point
       • If you have a public relations staff, let them work with your legal counsel on the message, review it and make sure all contingencies have been addressed, and then let them deliver it.
       • Explain what has happened
       • Progress of the investigation
       • Steps the organization will be taking
       • How the public and press can keep informed
       • A wise policy is to inform all company personnel that any inquiries about an incident must be directed to legal counsel
       • Templates can be prepared and vetted prior to an incident and can be ready to use in the event of a breach

  15. Questions?
     Fred Howell, MBA, MSISM, CISSP
     Manager of Security and Privacy Consulting Services
     RSM LLP
     80 City Square, Boston, MA 02129
     Office 617-241-1520
     Cell 781-831-2767
     Email: Fred.Howell@RSMUS.com

  16. McGladrey LLP
     Andy Obuchowski
     80 City Square, Boston, MA 02129
     617.241.1219
     Andy.obuchowski@mcgladrey.com
     www.mcgladrey.com
