SlideShare ist ein Scribd-Unternehmen logo

Breach response

Claudiu Popa
Claudiu Popa

Best Practices For Incident Response Management in SME vs. Enterprise

Technologie
1 von 14
Best Practices for Incident Response Management in SME vs. Enterprise Claudiu Popa, CISSP CISA CIPP CRMP President, Informatica Corporation
on the agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
Diverging approaches ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Large Enterprise SME
ISO 27000 Define overall scope of program Look for IM in security policy Conduct a risk assessment or BIA Manage identified risks Select IM-specific controls Report on IM control & ISIRT* effectiveness *Information Security Incident Response Team Structure Risk Assessment and Treatment Security Policy Organization of Information Security Asset Management Human Resources Security Physical Security Communications and Ops Management Access Control Information Systems Acquisition, Development, Maintenance Information Security Incident management Business Continuity Compliance 001 Audit 002 Content
Incident Management Process ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
1. Report information security events and weaknesses ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Large Enterprise SME
2. Report information security events as quickly as possible ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Large Enterprise SME
3. Report security weaknesses in systems and services ,[object Object],[object Object],[object Object],Large Enterprise SME
4. Manage information security incidents and improvements ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Large Enterprise SME
5. Establish incident response responsibilities and procedures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Large Enterprise SME
6. Learn from your information security incidents ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Large Enterprise SME
7. Collect evidence to support your actions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Large Enterprise SME
Discussion Where is incident management headed? What is the evolution of breach response? Are there any competitive / financial benefits?
about ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Empfohlen

Convergence innovative integration of security
Convergence innovative integration of securityConvergence innovative integration of security
Convergence innovative integration of security
ciso_insights
 
Implementing security
Implementing securityImplementing security
Implementing security
Dhani Ahmad
 
Business continuity-plan-template
Business continuity-plan-templateBusiness continuity-plan-template
Business continuity-plan-template
Mohamed Owaish
 
Testing
TestingTesting
Testing
lorenceman
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
codka
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004
Donald E. Hester
 
Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
8 steps to an efficient sms
8 steps to an efficient sms8 steps to an efficient sms
8 steps to an efficient sms
bobtrevelyan
 

Empfohlen

Convergence innovative integration of security
Convergence innovative integration of securityConvergence innovative integration of security
Convergence innovative integration of security
ciso_insights
 
Implementing security
Implementing securityImplementing security
Implementing security
Dhani Ahmad
 
Business continuity-plan-template
Business continuity-plan-templateBusiness continuity-plan-template
Business continuity-plan-template
Mohamed Owaish
 
Testing
TestingTesting
Testing
lorenceman
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
codka
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004
Donald E. Hester
 
Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
8 steps to an efficient sms
8 steps to an efficient sms8 steps to an efficient sms
8 steps to an efficient sms
bobtrevelyan
 
IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agenda
Hernan Huwyler, MBA CPA
 
Role management
Role managementRole management
Role management
Abidullah Zarghoon
 
Chapter003
Chapter003Chapter003
Chapter003
Jeanie Delos Arcos
 
Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines School
Hernan Huwyler, MBA CPA
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
Samuel Loomis
 
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler, MBA CPA
 
Healthcare It Security Risk 0310
Healthcare It Security Risk 0310Healthcare It Security Risk 0310
Healthcare It Security Risk 0310
John Reno
 
IDA DTU RiskLab How to validate your risk data
IDA DTU RiskLab How to validate your risk dataIDA DTU RiskLab How to validate your risk data
IDA DTU RiskLab How to validate your risk data
Hernan Huwyler, MBA CPA
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
EC-Council
 
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPABoards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Hernan Huwyler, MBA CPA
 
Hernan Huwyler - 10 risk concepts to throw on the bonfire
Hernan Huwyler - 10 risk concepts to throw on the bonfireHernan Huwyler - 10 risk concepts to throw on the bonfire
Hernan Huwyler - 10 risk concepts to throw on the bonfire
Hernan Huwyler, MBA CPA
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic
Thang Cao (He/Him)
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks
Hernan Huwyler, MBA CPA
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
EnclaveSecurity
 
CISSP Online & Classroom Training & Certification Course - ievision.org
CISSP Online & Classroom Training & Certification Course - ievision.orgCISSP Online & Classroom Training & Certification Course - ievision.org
CISSP Online & Classroom Training & Certification Course - ievision.org
IEVISION IT SERVICES Pvt. Ltd
 
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
Ed Sattar
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
Maganathin Veeraragaloo
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Hernan Huwyler, MBA CPA
 
Hernan Huwyler Corporate Compliance During the Coronavirus Pandemic
Hernan Huwyler Corporate Compliance During the Coronavirus PandemicHernan Huwyler Corporate Compliance During the Coronavirus Pandemic
Hernan Huwyler Corporate Compliance During the Coronavirus Pandemic
Hernan Huwyler, MBA CPA
 
Hernan Huwyler 10 Compliance Risk Assessment Mistakes
Hernan Huwyler 10 Compliance Risk Assessment MistakesHernan Huwyler 10 Compliance Risk Assessment Mistakes
Hernan Huwyler 10 Compliance Risk Assessment Mistakes
Hernan Huwyler, MBA CPA
 
Certification of Metatrader
Certification of MetatraderCertification of Metatrader
Certification of Metatrader
peter Bahgat
 
Cristo es el rey
Cristo es el reyCristo es el rey
Cristo es el rey
mishucvaleaga
 

Weitere ähnliche Inhalte

Was ist angesagt?

IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agenda
Hernan Huwyler, MBA CPA
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
Samuel Loomis
 
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
Ed Sattar
 

Was ist angesagt? (20)

IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agenda
 
Role management
Role managementRole management
Role management
 
Chapter003
Chapter003Chapter003
Chapter003
 
Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines School
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
 
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
 
Healthcare It Security Risk 0310
Healthcare It Security Risk 0310Healthcare It Security Risk 0310
Healthcare It Security Risk 0310
 
IDA DTU RiskLab How to validate your risk data
IDA DTU RiskLab How to validate your risk dataIDA DTU RiskLab How to validate your risk data
IDA DTU RiskLab How to validate your risk data
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPABoards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
 
Hernan Huwyler - 10 risk concepts to throw on the bonfire
Hernan Huwyler - 10 risk concepts to throw on the bonfireHernan Huwyler - 10 risk concepts to throw on the bonfire
Hernan Huwyler - 10 risk concepts to throw on the bonfire
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
 
CISSP Online & Classroom Training & Certification Course - ievision.org
CISSP Online & Classroom Training & Certification Course - ievision.orgCISSP Online & Classroom Training & Certification Course - ievision.org
CISSP Online & Classroom Training & Certification Course - ievision.org
 
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
ASSE Safety 2016: Ed Sattar Speaks about Operational Risk and Regulatory Chan...
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
 
Hernan Huwyler Corporate Compliance During the Coronavirus Pandemic
Hernan Huwyler Corporate Compliance During the Coronavirus PandemicHernan Huwyler Corporate Compliance During the Coronavirus Pandemic
Hernan Huwyler Corporate Compliance During the Coronavirus Pandemic
 
Hernan Huwyler 10 Compliance Risk Assessment Mistakes
Hernan Huwyler 10 Compliance Risk Assessment MistakesHernan Huwyler 10 Compliance Risk Assessment Mistakes
Hernan Huwyler 10 Compliance Risk Assessment Mistakes
 

Andere mochten auch

Certification of Metatrader
Certification of MetatraderCertification of Metatrader
Certification of Metatrader
peter Bahgat
 
Ayush Resume NEW .
Ayush Resume NEW .Ayush Resume NEW .
Ayush Resume NEW .
Ayush Gaur
 
catalogue Eurostark (2)
catalogue Eurostark (2)catalogue Eurostark (2)
catalogue Eurostark (2)
Hoa Vu
 
Certificate of Attendance - Kalimat - From Logic Training & HR Development
Certificate of Attendance - Kalimat - From Logic Training & HR DevelopmentCertificate of Attendance - Kalimat - From Logic Training & HR Development
Certificate of Attendance - Kalimat - From Logic Training & HR Development
peter Bahgat
 
особиста гігієна. догляд за зубами. 2 клас
особиста гігієна. догляд за зубами. 2 класособиста гігієна. догляд за зубами. 2 клас
особиста гігієна. догляд за зубами. 2 клас
Тетяна Явдоніч
 

Andere mochten auch (17)

Certification of Metatrader
Certification of MetatraderCertification of Metatrader
Certification of Metatrader
 
Cristo es el rey
Cristo es el reyCristo es el rey
Cristo es el rey
 
разнообразие костных рыб
разнообразие костных рыбразнообразие костных рыб
разнообразие костных рыб
 
VisitIndiana.com Opportunities and Social Media - Indiana Campground Owners A...
VisitIndiana.com Opportunities and Social Media - Indiana Campground Owners A...VisitIndiana.com Opportunities and Social Media - Indiana Campground Owners A...
VisitIndiana.com Opportunities and Social Media - Indiana Campground Owners A...
 
1
11
1
 
PukkelPop2012
PukkelPop2012PukkelPop2012
PukkelPop2012
 
Jggvhgvh
JggvhgvhJggvhgvh
Jggvhgvh
 
Mètode EEAC
Mètode EEACMètode EEAC
Mètode EEAC
 
Ayush Resume NEW .
Ayush Resume NEW .Ayush Resume NEW .
Ayush Resume NEW .
 
Pukkelpop
PukkelpopPukkelpop
Pukkelpop
 
catalogue Eurostark (2)
catalogue Eurostark (2)catalogue Eurostark (2)
catalogue Eurostark (2)
 
Certificate of Attendance - Kalimat - From Logic Training & HR Development
Certificate of Attendance - Kalimat - From Logic Training & HR DevelopmentCertificate of Attendance - Kalimat - From Logic Training & HR Development
Certificate of Attendance - Kalimat - From Logic Training & HR Development
 
ebvsecsv
ebvsecsvebvsecsv
ebvsecsv
 
дієвідміни дієслів
дієвідміни дієслівдієвідміни дієслів
дієвідміни дієслів
 
становлення еволюційних поглядів
становлення еволюційних поглядівстановлення еволюційних поглядів
становлення еволюційних поглядів
 
Mystery solved pages vs posts
Mystery solved pages vs postsMystery solved pages vs posts
Mystery solved pages vs posts
 
особиста гігієна. догляд за зубами. 2 клас
особиста гігієна. догляд за зубами. 2 класособиста гігієна. догляд за зубами. 2 клас
особиста гігієна. догляд за зубами. 2 клас
 

Ähnlich wie Breach response

Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
William Godwin
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Tammy Clark
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
Tammy Clark
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
Manish Dixit Ceh
 
Key Safety Initiatives1
Key Safety Initiatives1Key Safety Initiatives1
Key Safety Initiatives1
wallstreet1
 
Key Safety Initiatives1
Key Safety Initiatives1Key Safety Initiatives1
Key Safety Initiatives1
wallstreet1
 

Ähnlich wie Breach response (20)

Business information security requirements
Business information security requirementsBusiness information security requirements
Business information security requirements
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
Business case for Information Security program
Business case for Information Security programBusiness case for Information Security program
Business case for Information Security program
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptxFusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
Cissp Study notes.pdf
Cissp Study notes.pdfCissp Study notes.pdf
Cissp Study notes.pdf
 
Creating a compliance assessment program on a tight budget
Creating a compliance assessment program on a tight budgetCreating a compliance assessment program on a tight budget
Creating a compliance assessment program on a tight budget
 
Chapter004
Chapter004Chapter004
Chapter004
 
Key Safety Initiatives1
Key Safety Initiatives1Key Safety Initiatives1
Key Safety Initiatives1
 
Key Safety Initiatives1
Key Safety Initiatives1Key Safety Initiatives1
Key Safety Initiatives1
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
 
Rothke Patchlink
Rothke PatchlinkRothke Patchlink
Rothke Patchlink
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security Management
 
Security policies
Security policiesSecurity policies
Security policies
 
Keeping Score on Testing
Keeping Score on TestingKeeping Score on Testing
Keeping Score on Testing
 

Kürzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Kürzlich hochgeladen (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

Breach response

  • 1. Best Practices for Incident Response Management in SME vs. Enterprise Claudiu Popa, CISSP CISA CIPP CRMP President, Informatica Corporation
  • 2.
  • 3.
  • 4. ISO 27000 Define overall scope of program Look for IM in security policy Conduct a risk assessment or BIA Manage identified risks Select IM-specific controls Report on IM control & ISIRT* effectiveness *Information Security Incident Response Team Structure Risk Assessment and Treatment Security Policy Organization of Information Security Asset Management Human Resources Security Physical Security Communications and Ops Management Access Control Information Systems Acquisition, Development, Maintenance Information Security Incident management Business Continuity Compliance 001 Audit 002 Content
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13. Discussion Where is incident management headed? What is the evolution of breach response? Are there any competitive / financial benefits?
  • 14.

Hinweis der Redaktion

  1. A best practice discussion on what a solid Incident Response Plan (IRP) should look like, as well as an analysis of the ISO 27001 standards, with particular attention on the differences between SME’s and large organizations.
  2. The content sections are: Structure Risk Assessment and Treatment Security Policy Organization of Information Security Asset Management Human Resources Security Physical Security Communications and Ops Management Access Control Information Systems Acquisition, Development, Maintenance Information Security Incident management Business Continuity Compliance
  3. 13. INFORMATION SECURITY INCIDENT MANAGEMENT 13.1 REPORT INFORMATION SECURITY EVENTS AND WEAKNESSES 13.1.1 REPORT INFORMATION SECURITY EVENTS AS QUICKLY AS POSSIBLE 13.1.2 REPORT SECURITY WEAKNESSES IN SYSTEMS AND SERVICES 13.2 MANAGE INFORMATION SECURITY INCIDENTS AND IMPROVEMENTS 13.2.1 ESTABLISH INCIDENT RESPONSE RESPONSIBILITIES AND PROCEDURES 13.2.2 LEARN FROM YOUR INFORMATION SECURITY INCIDENTS 13.2.3 COLLECT EVIDENCE TO SUPPORT YOUR ACTIONS