How To Avoid a Corporate Meltdown:
Create a Security Response Plan Now
By Mic Martin, President
www.MTCyberC.com
Topics of Discussion
• Background
• Policies and Directives
• Incident Response Plan Components
• Response Team Roles and Responsibilities
• Importance of Testing and Practice
• Information Sharing and Communication
• Cyber Security Information Sharing Act of 2015
Background
• 18 years of Information Security expertise: Security Awareness Training, Cross-Sector Collaboration Information Sharing Bridge, Incident Response, Encryption, Policy, and System Security Risk Assessments (C&A)
• Served in executive leadership roles with Dept of Defense (DoD), Dept of Homeland Security (DHS) in Washington, D.C., and Federal Bureau of Investigation (FBI)
• Trains the FBI on Information Security Subject Matter Areas of Expertise
• Operation Iraqi Freedom U.S. Air Force Veteran
• The President of MicheTechnology Cyber Consultants, LLC
• Specializes in:
– Critical Infrastructure Protection Master: Cyber Threat and Hazard Identification
– Intelligence Community (IC) Classified Information Systems
– National Security Systems Risk Assessments
– Law Enforcement (LE) Sensitive Systems
– Insider Threat
Policies and Governance
We Are Inextricably Intertwined
• Hospitals/Medical Facilities IT and Communications
• Maritime and Power Grid IT and Communications
• Transportation IT and Communications
• Emergency Management IT and Communications
• Defense IT and Communications
The Climate Is Changing Too Fast For You To Still Be Doing What You Did A Year Ago In Your Organizations
A Good Reputation Is More Valuable Than Costly Perfume
Company Reputation
Fines for Non-Compliance
Fees for Consumer Protection
Loss of Business Credibility
Higher Insurance Premiums
Irreparable Damage or Loss
Lawsuits
Incident Response Plan Components
Critical Assets – **NEED TO BE IDENTIFIED**
– Who Do They Belong To And Who Has Them?
– Where Are They Located?
– Who Has Privileged Access To Them, What Type, and What For?
What is Considered an Incident For Your Company?
– Human-Caused: Insider Threat, Untrained Staff
– Natural-Caused: Tornadoes, Floods, Earthquakes
– Technological-Caused: Power Grid Failure, Transportation Failures
Incident Response Plan Components
Require a Formal Incident Reporting System
Determine a Category Escalation Matrix
Incident Trigger: Employee, Self-Report, Notice
Team Roles and Responsibilities
Investigation
Communication
Testing and Practice
Maintenance and Updates
Human-Caused Incidents
• Lost/Stolen Mobile Device, Laptops, Tablets
• Unauthorized Software/Hardware Installs
• Data Leaks/Spills and Breaches
• Unauthorized/Improper Use of Access
• Ransomware: Locky, CryptoWall, CryptoLocker
• Virus Intrusions
• Insider Threat Turncoats
Escalation Matrix Ideas
DOD Chairman of the Joint Chiefs of Staff Matrix Example
CJCSM 6510.01B
Escalation Matrix Ideas
Dept of Homeland Security DHS 4300A Matrix Example
Customary Response Team Members
INFO TECHNOLOGY
CSIRT-IT | Sanitizing Team | Data Center
Security Operations Center | Server Management | Mainframes
Information Security/Assurance Office | Database Administrator | Vulnerability Assessment
Help Desk | Web Developers | Classified Network
Forensics | Infrastructure Protection | Program Manager
Storage & Virtualization | COMSEC | Engineers
Malware Analysis | PKI Certificate Authority | Destruction
Penetration Testers | Network & Sys Admin | End Users
Blindspots = Vulnerability
Everyone Else
Evidence Response Teams
Supply and Inventory Technicians
Vendors and Contractors
Policy and Governance Office
Privacy/Civil Liberties
Physical Security
Building Owner for Leased Facilities
Inspector General (IG) Office
*FTI-US Treasury
Supervisors and Managers
Facilities Security Officers (FSO)/Clearance Specialists
Human Capital (HR)
Legal Office
Media/Public Affairs Office
Finance
OSHA Safety Officers
Law Enforcement
Emergency Management Coordinator
Hospital
Fire Department
Red Cross
Insider Threat
Crisis Management Coordinators
CIRT-Other
Acquisition Office
Cloud Service Provider
Command Centers/Dispatch
City, County, State, Tribal, Federal Agencies
System Owner
Executive Management
Your Customers
Full Team Roles & Responsibilities
CSIRT-IT | Sanitizing Team | Data Center
Security Operations Center | Server Management | Mainframes
Information Security/Assurance Office | Database Admins | Vulnerability Assessment
Help Desk | Web App | Classified Network
Forensics | Infrastructure Protection | Program Manager
Storage & Virtualization | COMSEC | Engineers
Malware Analysis | PKI Certificate Authority | Destruction
Penetration Testers | Network & Sys Admin | End Users
Evidence Response Teams
Supply and Inventory Technicians
Vendors and Contractors
Policy and Governance Office
Privacy/Civil Liberties
Physical Security
Building Owner for Leased Facilities
Inspector General (IG) Office
*FTI-US Treasury
Supervisors and Managers
Facilities Security Officers (FSO)/Clearance Specialists
Human Capital (HR)
Legal Office
Media/Public Affairs Office
Finance
OSHA Safety Officers
Law Enforcement
Emergency Management Coordinator
Hospital
Fire Department
Red Cross
Insider Threat
Crisis Management Coordinators
CIRT-Other
Acquisition Office
Cloud Service Provider
Command Centers/Dispatch
City, County, State, Tribal, Federal Agencies
System Owner
Executive Management
Your Customers
Testing and Practice Improves Response Time and Avoids a Corporate Meltdown
Gone are the days when you could simply change the date and replace names in your Security Response Plans.
Practice and Testing Types
Communication
Must Notify Everyone Identified In Your Response Plan of Their Role and Responsibilities
Annotate Contact Information: Name, Title, Email, Physical Address, Mailing Address, Desk Phone, Cell Phone, Home Phone, After-Hours Phone, Radio Call Sign, Twitter Handle, Skype ID…
Communicate the Plan To Your Staff
What Good Is A Security Response Plan If No One Knows About It?
Information Sharing of the Plan
Cyber Security Information Sharing Act of 2015
Who’s Going to Update This?!?
Response Plan Components Review
• Identify Company Critical Assets
– Who has them (System Owner)
– Where they are located
– Who has privileged access to them and what type
• What is Considered an Incident For You?
– Human-Caused: Insider Threat, Untrained Staff
– Natural-Caused: Tornadoes, Floods, Earthquakes
– Technological-Caused: Power Grid Failure, Transportation Failure
• Require a Formal Incident Reporting System
• Determine a Category Escalation Matrix
• Incident Trigger: Employee, Self-report, Notice
• Roles and Responsibilities
• Investigation
• Communication and Information Sharing
• Cyber Security Information Sharing Act of 2015
• Testing and Practice
• Maintenance and Updates of the Response Plan
THANK YOU!
For Incident Response Training Information
Contact:
Mic Martin, President
Email: micmartin@mtcyberc.com
Tel: 469-340-2804
www.MTCyberC.com

 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Último (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Incident Response

  • 1. How To Avoid a Corporate Meltdown: Create a Security Response Plan Now By Mic Martin, President www.MTCyberC.com
  • 2. Topics of Discussion • Background • Policies and Directives • Incident Response Plan Components • Response Team Roles and Responsibilities • Importance of Testing and Practice • Information Sharing and Communication • Cyber Security Information Sharing Act of 2015
  • 3. Background • 18 years of Information Security expertise: Security Awareness Training, Cross-Sector Collaboration Information Sharing Bridge, Incident Response, Encryption, Policy, and System Security Risk Assessments (C&A) • Served in executive leadership roles with Dept of Defense (DoD), Dept of Homeland Security (DHS) in Washington D.C, and Federal Bureau of Investigation (FBI) • Trains the FBI on Information Security Subject Matter Areas of Expertise • Operation Iraqi Freedom U.S. Air Force Veteran • The President of MicheTechnology Cyber Consultants, LLC • Specializes in: – Critical Infrastructure Protection Master: Cyber Threat and Hazard Identification – Intelligence Community (IC) Classified Information Systems – National Security Systems Risk Assessments – Law Enforcement (LE) Sensitive Systems – Insider Threat
  • 5. We Are Inextricably Intertwined • Hospitals/Medical Facilities IT and Communications • Maritime and Power Grid IT and Communications • Transportation IT and Communications • Emergency Management IT and Communications • Defense IT and Communications The Climate Is Changing Too Fast For You To Still Be Doing What You Did A Year Ago In Your Organizations
  • 6. A Good Reputation Is More Valuable Than Costly Perfume Company Reputation Fines for Non-Compliance Fees for Consumer Protection Loss of Business Credibility Higher Insurance Premiums Irreparable Damage or Loss Lawsuits
  • 7. Incident Response Plan Components Critical Assets – **NEED TO BE IDENTIFIED** – Who Do They Belong To And Who Has Them? – Where They Are Located? – Who Has Privileged Access To Them, What Type, and What For? What is Considered an Incident For Your Company? – Human-Caused: Insider Threat, Untrained Staff – Natural-Caused: Tornadoes, Floods, Earthquakes – Technological-Caused: Power Grid Failure, Transportation Failures
  • 8. Incident Response Plan Components Require a Formal Incident Reporting System Determine a Category Escalation Matrix Incident Trigger-Employee, Self-Report, Notice Team Roles and Responsibilities Investigation Communication Testing and Practice Maintenance and Updates
  • 9. Human-Caused Incidents • Lost/Stolen Mobile Device, Laptops, Tablets • Unauthorized Software/Hardware Installs • Data Leaks/Spills and Breaches • Unauthorized/Improper Use of Access • Ransomware- Locky, CryptoWall, CryptoLocker • Virus Intrusions • Insider Threat Turncoats
  • 10. Escalation Matrix Ideas DOD Chairman of the Joint Chiefs of Staff Matrix Example CJCSM 6510.01B
  • 11. Escalation Matrix Ideas Dept of Homeland Security DHS 4300A Matrix Example
  • 12. Customary Response Team Members INFO TECHNOLOGY CSIRT-IT Sanitizing Team Data Center Security Operations Center Server Management Mainframes Information Security/ Assurance Office Database Administrator Vulnerability Assessment Help Desk Web Developers Classified Network Forensics Infrastructure Protection Program Manager Storage & Virtualization COMSEC Engineers Malware Analysis PKI Certificate Authority Destruction Penetration Testers Network & Sys Admin End Users
  • 13. Blindspots = Vulnerability Everyone Else Evidence Response Teams Supply and Inventory Technicians Vendors and Contractors Policy and Governance Office Privacy/Civil Liberties Physical Security Building Owner for Leased Facilities Inspector General (IG) Office *FTI-US Treasury Supervisors and Managers Facilities Security Officers (FSO)/Clearance Specialists Human Capital (HR) Legal Office Media /Public Affairs Office Finance OSHA Safety Officers Law Enforcement Emergency Management Coordinator Hospital Fire Department Red Cross Insider Threat Crisis Management Coordinators CIRT-Other Acquisition Office Cloud Service Provider Command Centers/Dispatch City, County, State, Tribal, Federal Agencies System Owner Executive Management Your Customers
  • 14. Full Team Roles & Responsibilities CSIRT-IT Sanitizing Team Data Center Security Operations Center Server Management Mainframes Information Security/ Assurance Office Database Admins Vulnerability Assessment Help Desk Web App Classified Network Forensics Infrastructure Protection Program Manager Storage & Virtualization COMSEC Engineers Malware Analysis PKI Certificate Authority Destruction Penetration Testers Network & Sys Admin End Users Evidence Response Teams Supply and Inventory Technicians Vendors and Contractors Policy and Governance Office Privacy/Civil Liberties Physical Security Building Owner for Leased Facilities Inspector General (IG) Office *FTI-US Treasury Supervisors and Managers Facilities Security Officers (FSO)/Clearance Specialists Human Capital (HR) Legal Office Media /Public Affairs Office Finance OSHA Safety Officers Law Enforcement Emergency Management Coordinator Hospital Fire Department Red Cross Insider Threat Crisis Management Coordinators CIRT-Other Acquisition Office Cloud Service Provider Command Centers/Dispatch City, County, State, Tribal, Federal Agencies System Owner Executive Management Your Customers
  • 16. Testing and Practice Improves Response Time and Avoids a Corporate Meltdown Gone are the days when you could simply change the date and replace names in your Security Response Plans
  • 18. Communication Must Notify Everyone Identified In Your Response Plan of Their Role and Responsibilities Annotate Contact Information: Name, Title, Email, Physical Address, Mailing Address, Desk Phone, Cell Phone, Home Phone, After-Hours Phone, Radio Call Sign, Twitter Handle, Skype ID… Communicate the Plan To Your Staff What Good Is A Security Response Plan If No One Knows About It?
  • 22. Cyber Security Information Sharing Act of 2015
  • 23. Who’s Going to Update This?!? CSIRT-IT Sanitizing Team Data Center Security Operations Center Server Management Mainframes Information Security/ Assurance Office Database Admins Vulnerability Assessment Help Desk Web App Classified Network Forensics Infrastructure Protection Program Manager Storage & Virtualization COMSEC Engineers Malware Analysis PKI Certificate Authority Destruction Penetration Testers Network & Sys Admin End Users Evidence Response Teams Supply and Inventory Technicians Vendors and Contractors Policy and Governance Office Privacy/Civil Liberties Physical Security Building Owner for Leased Facilities Inspector General (IG) Office *FTI-US Treasury Supervisors and Managers Facilities Security Officers (FSO)/Clearance Specialists Human Capital (HR) Legal Office Media /Public Affairs Office Finance OSHA Safety Officers Law Enforcement Emergency Management Coordinator Hospital Fire Department Red Cross Insider Threat Crisis Management Coordinators CIRT-Other Acquisition Office Cloud Service Provider Command Centers/Dispatch City, County, State, Tribal, Federal Agencies System Owner Executive Management Your Customers
  • 24. Response Plan Components Review • Identify Company Critical Assets • Who has them (System Owner) • Where they are located • Who has privileged access to them and what type • What is Considered an Incident For You? • Human-Caused: Insider Threat, Untrained Staff • Natural-Caused: Tornadoes, Floods, Earthquakes • Technological-Caused: Power Grid Failure, Transportation Failure • Require a Formal Incident Reporting System • Determine a Category Escalation Matrix • Incident Trigger-Employee, Self-report, Notice • Roles and Responsibilities • Investigation • Communication and Information Sharing • Cyber Security Information Sharing Act of 2015 • Testing and Practice • Maintenance and Updates of the Response Plan
  • 25. THANK YOU! For Incident Response Training Information Contact: Mic Martin, President Email: micmartin@mtcyberc.com Tel: 469-340-2804 www.MTCyberC.com