3. Cyber thieves target smaller companies!
• They are not prepared
• They don’t understand their legal obligations
• They have financial liability
• They are the nexus for larger company breaches
Bradford Bach | bbach@titan-ca.com | 213.784.3070
4. Cyber attacks are on the rise
• Nations, groups & individuals are targeting
– Institutions
– Financial services agencies
– Utilities
– Consumers
• 43 percent of US firms have experienced a data breach in the past year (survey of
735 businesses)
Source: Pew Research Center and Ponemon Institute
5. What are the hackers looking for?
• Credit card details
• Bank account numbers and PINs
• Social security numbers
• Passport numbers
• Driver's licenses
• Usernames and passwords
• Birthdays and anniversaries
6. Management's concern about data breach
Percentage concern level on 10-point scale
Source: Ponemon Institute
8. Investments in response to data breaches
Source: Ponemon Institute
9. What constitutes an incident?
• Report of a physical or criminal act (e.g., theft of a computer, laptop, tablet or PDA)
• Suspicion that a device has been compromised to allow access to sensitive data
• Security issue with a person using equipment
• Other circumstances that warrant investigation include disruptive viruses, denial
of service attacks, malware, phishing scams, spam, etc.
10. Are you prepared?
• Are you working with your IT team to ensure that you have appropriate security
controls in place?
• Do you have a SIRT team in place including general counsel, executives, key
personnel & IT?
• Have you implemented best practices policies and procedures to secure your
network?
• How are you funded to cover the legal compliance and costs associated with a
breach?
• Do you know what laws impact your industry?
12. SIRT response teams and plan minimums
1. Planning: Have shared goals and describe them in detail
2. The Team: Identify, inform and train those you expect to take
action
13. SIRT response teams and plan minimums
3. Incident identification methods and triggers
Define events and mechanisms that might trigger a security incident investigation. Provide examples
to help others understand what to look for and how to respond.
• Theft or loss of an unencrypted device
• Hacking of a system containing protected data
• Employee snooping
• Malware capable of data exfiltration
14. SIRT response teams and plan minimums
4. Breach determination methodology
How will you determine if protected data was likely to have been compromised based on the
attack, data classification, jurisdiction and particular regulations?
Use the four-factor risk assessment methodology required for healthcare data. If there is a
probability of compromise, then you have suffered a breach. The four factors are:
• The nature and extent of the protected information involved, including the types of identifiers and the likelihood of re-identification;
• The unauthorized person who used the protected information or to whom the disclosure was made;
• Whether the protected information was actually acquired or viewed;
• The extent to which the risk to the protected information has been mitigated.
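As an added example, not part of the original deck: a small Python worksheet that records how each of the four factors was judged and applies the deck's rule that any remaining probability of compromise means a breach. The decision rule (every factor must be rated low risk), the field names and the two sample incidents are this example's own assumptions.

```python
from dataclasses import dataclass, field

# Risk contribution a reviewer assigns to each factor once the investigation is done.
LOW, MEDIUM, HIGH = "low", "medium", "high"
FACTOR_NAMES = ("nature_and_extent", "unauthorized_party", "acquired_or_viewed", "mitigation")


@dataclass
class FourFactorAssessment:
    """Breach-determination worksheet for one incident (assumed structure, not the deck's)."""
    incident: str             # trigger from the plan, e.g. theft of an unencrypted device
    nature_and_extent: str    # factor 1: identifiers involved, likelihood of re-identification
    unauthorized_party: str   # factor 2: who used or received the protected information
    acquired_or_viewed: str   # factor 3: whether the information was actually acquired or viewed
    mitigation: str           # factor 4: risk remaining after mitigation (LOW = well mitigated)
    evidence: dict = field(default_factory=dict)  # factor name -> what the reviewer relied on

    def __post_init__(self):
        for name, level in self.factors().items():
            if level not in (LOW, MEDIUM, HIGH):
                raise ValueError(f"{name}: level must be low, medium or high, got {level!r}")

    def factors(self):
        return {name: getattr(self, name) for name in FACTOR_NAMES}

    def unresolved_factors(self):
        # Assumed decision rule: a factor still rated medium or high leaves a
        # probability of compromise, which the deck treats as a breach.
        return [name for name, level in self.factors().items() if level != LOW]

    def determination(self):
        return "breach" if self.unresolved_factors() else "no breach (low probability of compromise)"

    def record(self):
        """Lines for the incident file: what happened, how each factor was judged, the outcome."""
        lines = [f"Incident: {self.incident}"]
        for name, level in self.factors().items():
            lines.append(f"  {name}: {level} risk; evidence: {self.evidence.get(name, 'NOT DOCUMENTED')}")
        lines.append(f"Determination: {self.determination()}")
        return lines


# Constructed sample incidents drawn from the deck's trigger list.
STOLEN_LAPTOP = FourFactorAssessment(
    "Theft of an unencrypted laptop holding customer SSNs",
    nature_and_extent=HIGH, unauthorized_party=HIGH, acquired_or_viewed=HIGH, mitigation=HIGH,
    evidence={"nature_and_extent": "full names plus SSNs, directly identifying",
              "unauthorized_party": "unknown thief", "acquired_or_viewed": "disk unencrypted, assume viewed",
              "mitigation": "device not recovered, no remote wipe available"})
MISDIRECTED_EMAIL = FourFactorAssessment(
    "Report emailed to a vendor bound by a confidentiality agreement",
    nature_and_extent=LOW, unauthorized_party=LOW, acquired_or_viewed=LOW, mitigation=LOW,
    evidence={"nature_and_extent": "names and appointment dates only", "unauthorized_party": "vendor under NDA",
              "acquired_or_viewed": "vendor attested message deleted unopened", "mitigation": "deletion confirmed in writing"})
```

Printing `"\n".join(STOLEN_LAPTOP.record())` yields the documentation item 7 of the plan asks for, with any factor lacking evidence flagged as NOT DOCUMENTED.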
15. SIRT response teams and plan minimums
5. Breach response team activation
This will include members of the CIRT plus those who are normally not involved in incidents that do
not turn into a breach. They can be both internal and external, including:
• Technical
• Executive
• Legal andcompliance
• Public relations
• Security vendors, etc.
16. SIRT response teams and plan minimums
6. Notification actions
Notification requirements vary by statute, state and data class. It is important to know the
requirements for each class of data you possess.
7. Reporting and documentation
It is critical that you produce accurate and complete documentation of the events, actions, and results
that occur as the result of a security incident. Be sure to spend the time required to accurately portray
what happened, who did what, to what and with what. Keep copies of all communications,
notifications and any and all activity.
17. SIRT response teams and plan minimums
8. Policy and procedural or technological improvement
A significant security incident or breach is a great opportunity to improve the policies and
procedures that prevent another breach, and to refine how you respond if it happens again. Take this
opportunity to consider what happened and how you reacted. Then consider and document ways to
improve on both.
18. Training and updating staff
Once you have created your Computer Security Incident Response Plan, and each time you
use the plan to respond, you should train your staff effectively and consistently.
19. Training and updating staff
• Having plans that staff are either unaware of or not familiar with when it
is time to act is much like having no plans at all.
• A lack of training can lead to inaction, delays and mistakes which are avoidable
and can be incredibly costly. Empower your employees to be confident and ready
to act when the inevitable occurs.
23. Understand your specific legal obligations
• Health Insurance Portability & Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Customs-Trade Partnership Against Terrorism (C-TPAT)
• Fair and Accurate Credit Transactions Act (FACTA), includes Red Flags Rule
• North American Electric Reliability Corp. (NERC)
• Critical Infrastructure Protection (CIP)
• International Traffic in Arms Regulations (ITAR)
• Criminal Justice Information Services (CJIS)
• Federal Information Processing Standards (FIPS)
• Federal Information Security Management Act (FISMA)
• The Children's Online Privacy Protection Act (COPPA)
24. Be prepared!
• Addressing regulatory issues should go beyond meeting minimum requirements. It
should also introduce efficiencies and processes that improve your overall
business.
25. Areas of focus to be defensible in 2016
1. Do a vulnerability or security assessment
2. Conduct patching for software security updates
3. Implement e-mail spam/malware filtering with link reputation checking
4. Set up a network security policy
5. Antivirus/anti-malware protection
6. Cultivate a culture of safety with end-user training
Source: Leading Security Experts Alvaka Networks
26. Areas of focus to be defensible in 2016
7. Implement backup and disaster recovery/business continuity
8. Network monitoring is an important function
9. Utilize the full security potential of VLAN and VPN
10. Go for up-to-date firewall/UTM technology, IPS/IDS
11. Dual factor authentication provides greater security
12. Make sure you do your budgeting and ROI on security measures
Source: Leading Security Experts Alvaka Networks