SlideShare a Scribd company logo

Cyber Crisis Management - Kloudlearn

Download as PPTX, PDF
KloudLearn
KloudLearn

Cyber crisis management refers to the plan that includes steps to recover IT Services from an emergency disruption. It is crucial to have a cyber crisis management plan to minimize the impact of incidents while quickly restoring security, operations, and credibility.

Software
1 of 24
Online course offering Cyber Crisis Management “In a crisis, don’t hide behind anything or anybody. They’re going to find you anyway.” - Bear Bryant © KloudLearn www.kloudlearn.com
Learning Objectives © KloudLearn www.kloudlearn.com 2 What is Crisis Common features of Crisis How do you prepare for a cyber attack Crisis Management Lifecycle Preparing for a cyber security crisis Do’s and Don’t
What is Crisis? © KloudLearn www.kloudlearn.com 3 We should start by defining what a cyber security crisis is. Typically, it might be confused with an incident response plan and although they are definitely different, the way we manage the incident response process might end up in a serious crisis. In the case of a crisis, we are facing a situation that might seriously impact the organization, its reputation, financial stability and even its viability as a business. An incident response plan refers to a methodology to cope with day-to-day cyber security events, like virus infections, malwares, DDoS and phishing attacks etc…
● The situation materializes unexpectedly. ● Decisions are required urgently. ● Time is short. ● Urgent demands for information are received. ● There is sense of loss of control. ● Pressures build over time. ● Specific threats are identified Common Features of Crisis © KloudLearn www.kloudlearn.com 4
How do You Prepare for a Cyber Attack? © KloudLearn www.kloudlearn.com 5 ● Readiness: Readiness equates not only to vigilance, for example in the form of 24/7 Monitoring, but also to readiness of resources. ● Response: Management’s response can either contain or escalate an incident; indeed, a poor response can even create a crisis. ● Recovery: Steps to return to normal operations and limit damage to the organization and its stakeholders continue after the incident or crisis. ● Risk = Threat x Vulnerability x Consequence
Crisis Management Lifecycle © KloudLearn www.kloudlearn.com 6
● Involve Your Executive Leadership Team Preparing for a Cyber Security Crisis © KloudLearn www.kloudlearn.com 7 ■ This includes the C-suite, i.e CEO, COO, CFO, CIO, CCO ■ This includes business unit leaders, i.e EVPs, SVPs ■ This includes representatives or delegates from legal, HR, Corporate Communications and Marketing ■ These leaders and representatives must be familiar with their role and responsibilities during a crisis
● Create a cyber security crisis management plan ■ Structure of the crisis management team ■ Responsibility matrix with names of the specific individuals ■ Threat matrix with severity levels and associated response protocols ■ Communication templates for customers, business partners, media and external agencies Preparing for a Cyber Security Crisis © KloudLearn www.kloudlearn.com 8
● Conduct breach simulations ■ Breach simulation is a tabletop exercise in your boardroom ■ All the key executives need to participate ■ A hypothetical breach scenario is created and the participants are asked to respond ■ Guidance is provided by the moderators ■ The executive team becomes familiar with the process and the sources of information Preparing for a Cyber Security Crisis © KloudLearn www.kloudlearn.com 9
● Engage a third party ■ Breach can stay undetected for years but once they are detected there is extreme urgency to investigate ■ Finding the right forensics partner can be a challenge ■ Companies have no choice but to rush into a contract often overlooking critical provisions ■ Social engineering uses which aspects of human nature includes, Trust manipulation, Desire to be helpful, Lack of understanding ■ Legal and compliance teams need to be involved in the review of all contractual language. Preparing for a Cyber Security Crisis © KloudLearn www.kloudlearn.com 10
Do’s of Crisis Management ● Call the board and management teams together immediately to plan a response. ● Take advantage of the board’s diversity and hear all perspectives on the situation. ● Be aware that reputation is a driver of market value. ● Make a statement when experiencing more than one crisis at a time or in close succession. ● Monitor your company’s financial ratings after a crisis. Don’ts of Crisis Management ● Don’t ignore the situation. If the choice is to remain silent, continue to monitor it. ● Don’t overlook the speed of social media and how it can be a negative or a positive force. ● Don’t make excuses for poor choices in behavior. ● Don’t underestimate how interconnected systems are. Do’s and Don’ts © KloudLearn www.kloudlearn.com 11
● Data breaches are inevitable. therefore, an organization MUST be prepared to handle one. ● The information security team MUST take the lead in building and socializing a crisis management program. ● The information security team MUST build partnerships with legal, compliance, corporate communication and privacy terms of the company. ● A detailed crisis management plan MUST be created and maintained. ● Periodic simulations MUST be conducted. ● The executives of the company MUST be educated and must fully understand their roles and responsibilities. Key Takeaways © KloudLearn www.kloudlearn.com 12
Test your knowledge! Quiz Quiz
Proactive phase Strategic phase Recovery phase Reactive phase © KloudLearn www.kloudlearn.com In four phases of the Conflict Management Life Cycle. In which phase would an organization’s crisis management plan be implemented? 14
The impact of a given risk The likelihood of a risk © KloudLearn www.kloudlearn.com “Loss of data availability” helps determine which of the following: 15
© KloudLearn www.kloudlearn.com Business, cost, technology, and process should be the main focus while planning Software risk impact assessment. 16 True False
Everyone in the organization. the CIO or CISO executive. A specialized cyber security defense team. © KloudLearn www.kloudlearn.com Cyber security protection of an organization is the responsibility of: 17
© KloudLearn www.kloudlearn.com Risk = Likelihood x Weakness. True or False? 18 True False
Trust manipulation Desire to be helpful Lack of understanding All of the above © KloudLearn www.kloudlearn.com Social engineering uses which aspects of human nature? 19
© KloudLearn www.kloudlearn.com Identification of risk domains and risk exposure are done in the Analysis of Security Risk. 20 True False
Detective Corrective Preventative Deterrent © KloudLearn www.kloudlearn.com Redundant computer servers would be an example of which type of security measure? 21
Cross-site scripting Buffer overflow. SQL injection. System shutdown. © KloudLearn www.kloudlearn.com To avoid ________ , user input should not be put directly into a database. 22
The likelihood of a threat happening The vulnerability of the organization to the threat The cost to mitigate or recover from the threat The duration of the threat event © KloudLearn www.kloudlearn.com Which of the following is not considered a factor in determining cyber risk? 23
Thank You © KloudLearn www.kloudlearn.com 24 KloudLearn, Inc. is headquartered in Silicon Valley, California. Our mission is to help enterprises provide an engaging and impactful learning experience that improves business performance. We provide the industry’s most modern LMS (Learning Management System). For more information visit us at www.kloudlearn.com or reach out to us at info@kloudlearn.com

Recommended

Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideJoAnna Cheshire
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness Imad Almurib
 
Crisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksCrisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksPECB
 
Disaster Recovery Plan
Disaster Recovery PlanDisaster Recovery Plan
Disaster Recovery Planmhdpaknejad
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTContinuity and Resilience
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Narudom Roongsiriwong, CISSP
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planningalanlund
 

Recommended

Cybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideCybersecurity crisis management a prep guide
Cybersecurity crisis management a prep guideJoAnna Cheshire
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness Imad Almurib
 
Crisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksCrisis Management Techniques for Cyber Attacks
Crisis Management Techniques for Cyber AttacksPECB
 
Disaster Recovery Plan
Disaster Recovery PlanDisaster Recovery Plan
Disaster Recovery Planmhdpaknejad
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTContinuity and Resilience
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Narudom Roongsiriwong, CISSP
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planningalanlund
 
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxBUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxJayLloyd8
 
Bcp drp
Bcp drpBcp drp
Bcp drpaqel aqel
 
Cyber Security: The Strategic View
Cyber Security: The Strategic ViewCyber Security: The Strategic View
Cyber Security: The Strategic ViewCisco Canada
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk ManagementGoutama Bachtiar
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSSylvain Martinez
 
Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesSlideTeam
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Risk Management
Risk ManagementRisk Management
Risk Managementcgeorgeo
 
Bcm Framework PowerPoint Presentation Slides
Bcm Framework PowerPoint Presentation SlidesBcm Framework PowerPoint Presentation Slides
Bcm Framework PowerPoint Presentation SlidesSlideTeam
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approachtschraider
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
9 Bcp+Drp
9 Bcp+Drp9 Bcp+Drp
9 Bcp+DrpAlfred Ouyang
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester
 
Business continuity
Business continuityBusiness continuity
Business continuityAlka Mehar
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...
Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...
Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...LDM Global
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMWajahat Ali Khan
 

More Related Content

What's hot

BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxBUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxJayLloyd8
 
Cyber Security: The Strategic View
Cyber Security: The Strategic ViewCyber Security: The Strategic View
Cyber Security: The Strategic ViewCisco Canada
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk ManagementGoutama Bachtiar
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSSylvain Martinez
 
Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesSlideTeam
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Risk Management
Risk ManagementRisk Management
Risk Managementcgeorgeo
 
Bcm Framework PowerPoint Presentation Slides
Bcm Framework PowerPoint Presentation SlidesBcm Framework PowerPoint Presentation Slides
Bcm Framework PowerPoint Presentation SlidesSlideTeam
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approachtschraider
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester
 
Business continuity
Business continuityBusiness continuity
Business continuityAlka Mehar
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 

What's hot (20)

BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxBUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
 
Bcp drp
Bcp drpBcp drp
Bcp drp
 
Cyber Security: The Strategic View
Cyber Security: The Strategic ViewCyber Security: The Strategic View
Cyber Security: The Strategic View
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk Management
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
 
Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation Slides
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Bcm Framework PowerPoint Presentation Slides
Bcm Framework PowerPoint Presentation SlidesBcm Framework PowerPoint Presentation Slides
Bcm Framework PowerPoint Presentation Slides
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approach
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
9 Bcp+Drp
9 Bcp+Drp9 Bcp+Drp
9 Bcp+Drp
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
 
Business continuity
Business continuityBusiness continuity
Business continuity
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 

Similar to Cyber Crisis Management - Kloudlearn

Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...
Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...
Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...LDM Global
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMWajahat Ali Khan
 
How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk SureCloud
 
1. After a cyber attack, the organizational decision making and re.docx
1. After a cyber attack, the organizational decision making and re.docx1. After a cyber attack, the organizational decision making and re.docx
1. After a cyber attack, the organizational decision making and re.docxjackiewalcutt
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykEryk Budi Pratama
 
Risk monitoring and response
Risk monitoring and responseRisk monitoring and response
Risk monitoring and responseZyrellLalaguna
 
Misconceptions of Business Continuity Planning
Misconceptions of Business Continuity PlanningMisconceptions of Business Continuity Planning
Misconceptions of Business Continuity PlanningSymptai Consulting Limited
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskPECB
 
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...LDM Global
 
Crisis And Risk
Crisis And RiskCrisis And Risk
Crisis And Riskkktv
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnKloudLearn
 
_Navigating Incident Response_ A Closer Look at LDM Global's Approach in the ...
_Navigating Incident Response_ A Closer Look at LDM Global's Approach in the ..._Navigating Incident Response_ A Closer Look at LDM Global's Approach in the ...
_Navigating Incident Response_ A Closer Look at LDM Global's Approach in the ...LDM Global
 
Cyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsCyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsWynyard Group
 

Similar to Cyber Crisis Management - Kloudlearn (20)

Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...
Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...
Incident Response with LDM Global_ A Comprehensive Approach to Handling Crisi...
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATM
 
Risk Check Survey
Risk Check SurveyRisk Check Survey
Risk Check Survey
 
Crisis management
Crisis managementCrisis management
Crisis management
 
disaster-recovery-online
disaster-recovery-onlinedisaster-recovery-online
disaster-recovery-online
 
How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk
 
1. After a cyber attack, the organizational decision making and re.docx
1. After a cyber attack, the organizational decision making and re.docx1. After a cyber attack, the organizational decision making and re.docx
1. After a cyber attack, the organizational decision making and re.docx
 
Crisis Management.pptx
Crisis Management.pptxCrisis Management.pptx
Crisis Management.pptx
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - Eryk
 
Risk monitoring and response
Risk monitoring and responseRisk monitoring and response
Risk monitoring and response
 
Managing Reputation
Managing ReputationManaging Reputation
Managing Reputation
 
Risk management
Risk managementRisk management
Risk management
 
Misconceptions of Business Continuity Planning
Misconceptions of Business Continuity PlanningMisconceptions of Business Continuity Planning
Misconceptions of Business Continuity Planning
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing Risk
 
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
Enhancing Data Security_ The Crucial Role of Incident Response in the Modern ...
 
Wisegate_GeekSpeak_LG
Wisegate_GeekSpeak_LGWisegate_GeekSpeak_LG
Wisegate_GeekSpeak_LG
 
Crisis And Risk
Crisis And RiskCrisis And Risk
Crisis And Risk
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
 
_Navigating Incident Response_ A Closer Look at LDM Global's Approach in the ...
_Navigating Incident Response_ A Closer Look at LDM Global's Approach in the ..._Navigating Incident Response_ A Closer Look at LDM Global's Approach in the ...
_Navigating Incident Response_ A Closer Look at LDM Global's Approach in the ...
 
Cyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsCyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teams
 

More from KloudLearn

Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnService Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnKloudLearn
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
What is a Malware - Kloudlearn
What is a Malware - KloudlearnWhat is a Malware - Kloudlearn
What is a Malware - KloudlearnKloudLearn
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - KloudlearnKloudLearn
 
California Consumer Privacy Act (CCPA) - Kloudlearn
California Consumer Privacy Act (CCPA) - KloudlearnCalifornia Consumer Privacy Act (CCPA) - Kloudlearn
California Consumer Privacy Act (CCPA) - KloudlearnKloudLearn
 
KloudLearn LMS | E-learning Platform
KloudLearn LMS | E-learning Platform KloudLearn LMS | E-learning Platform
KloudLearn LMS | E-learning Platform KloudLearn
 

More from KloudLearn (7)

Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnService Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - Kloudlearn
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - Kloudlearn
 
What is a Malware - Kloudlearn
What is a Malware - KloudlearnWhat is a Malware - Kloudlearn
What is a Malware - Kloudlearn
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - Kloudlearn
 
California Consumer Privacy Act (CCPA) - Kloudlearn
California Consumer Privacy Act (CCPA) - KloudlearnCalifornia Consumer Privacy Act (CCPA) - Kloudlearn
California Consumer Privacy Act (CCPA) - Kloudlearn
 
KloudLearn LMS | E-learning Platform
KloudLearn LMS | E-learning Platform KloudLearn LMS | E-learning Platform
KloudLearn LMS | E-learning Platform
 

Recently uploaded

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 

Recently uploaded (20)

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 

Cyber Crisis Management - Kloudlearn

  • 1. Online course offering Cyber Crisis Management “In a crisis, don’t hide behind anything or anybody. They’re going to find you anyway.” - Bear Bryant © KloudLearn www.kloudlearn.com
  • 2. Learning Objectives © KloudLearn www.kloudlearn.com 2 What is Crisis Common features of Crisis How do you prepare for a cyber attack Crisis Management Lifecycle Preparing for a cyber security crisis Do’s and Don’t
  • 3. What is Crisis? © KloudLearn www.kloudlearn.com 3 We should start by defining what a cyber security crisis is. Typically, it might be confused with an incident response plan and although they are definitely different, the way we manage the incident response process might end up in a serious crisis. In the case of a crisis, we are facing a situation that might seriously impact the organization, its reputation, financial stability and even its viability as a business. An incident response plan refers to a methodology to cope with day-to-day cyber security events, like virus infections, malwares, DDoS and phishing attacks etc…
  • 4. ● The situation materializes unexpectedly. ● Decisions are required urgently. ● Time is short. ● Urgent demands for information are received. ● There is sense of loss of control. ● Pressures build over time. ● Specific threats are identified Common Features of Crisis © KloudLearn www.kloudlearn.com 4
  • 5. How do You Prepare for a Cyber Attack? © KloudLearn www.kloudlearn.com 5 ● Readiness: Readiness equates not only to vigilance, for example in the form of 24/7 Monitoring, but also to readiness of resources. ● Response: Management’s response can either contain or escalate an incident; indeed, a poor response can even create a crisis. ● Recovery: Steps to return to normal operations and limit damage to the organization and its stakeholders continue after the incident or crisis. ● Risk = Threat x Vulnerability x Consequence
  • 6. Crisis Management Lifecycle © KloudLearn www.kloudlearn.com 6
  • 7. ● Involve Your Executive Leadership Team Preparing for a Cyber Security Crisis © KloudLearn www.kloudlearn.com 7 ■ This includes the C-suite, i.e CEO, COO, CFO, CIO, CCO ■ This includes business unit leaders, i.e EVPs, SVPs ■ This includes representatives or delegates from legal, HR, Corporate Communications and Marketing ■ These leaders and representatives must be familiar with their role and responsibilities during a crisis
  • 8. ● Create a cyber security crisis management plan ■ Structure of the crisis management team ■ Responsibility matrix with names of the specific individuals ■ Threat matrix with severity levels and associated response protocols ■ Communication templates for customers, business partners, media and external agencies Preparing for a Cyber Security Crisis © KloudLearn www.kloudlearn.com 8
  • 9. ● Conduct breach simulations ■ Breach simulation is a tabletop exercise in your boardroom ■ All the key executives need to participate ■ A hypothetical breach scenario is created and the participants are asked to respond ■ Guidance is provided by the moderators ■ The executive team becomes familiar with the process and the sources of information Preparing for a Cyber Security Crisis © KloudLearn www.kloudlearn.com 9
  • 10. ● Engage a third party ■ Breach can stay undetected for years but once they are detected there is extreme urgency to investigate ■ Finding the right forensics partner can be a challenge ■ Companies have no choice but to rush into a contract often overlooking critical provisions ■ Social engineering uses which aspects of human nature includes, Trust manipulation, Desire to be helpful, Lack of understanding ■ Legal and compliance teams need to be involved in the review of all contractual language. Preparing for a Cyber Security Crisis © KloudLearn www.kloudlearn.com 10
  • 11. Do’s of Crisis Management ● Call the board and management teams together immediately to plan a response. ● Take advantage of the board’s diversity and hear all perspectives on the situation. ● Be aware that reputation is a driver of market value. ● Make a statement when experiencing more than one crisis at a time or in close succession. ● Monitor your company’s financial ratings after a crisis. Don’ts of Crisis Management ● Don’t ignore the situation. If the choice is to remain silent, continue to monitor it. ● Don’t overlook the speed of social media and how it can be a negative or a positive force. ● Don’t make excuses for poor choices in behavior. ● Don’t underestimate how interconnected systems are. Do’s and Don’ts © KloudLearn www.kloudlearn.com 11
  • 12. ● Data breaches are inevitable. therefore, an organization MUST be prepared to handle one. ● The information security team MUST take the lead in building and socializing a crisis management program. ● The information security team MUST build partnerships with legal, compliance, corporate communication and privacy terms of the company. ● A detailed crisis management plan MUST be created and maintained. ● Periodic simulations MUST be conducted. ● The executives of the company MUST be educated and must fully understand their roles and responsibilities. Key Takeaways © KloudLearn www.kloudlearn.com 12
  • 14. Proactive phase Strategic phase Recovery phase Reactive phase © KloudLearn www.kloudlearn.com In four phases of the Conflict Management Life Cycle. In which phase would an organization’s crisis management plan be implemented? 14
  • 15. The impact of a given risk The likelihood of a risk © KloudLearn www.kloudlearn.com “Loss of data availability” helps determine which of the following: 15
  • 16. © KloudLearn www.kloudlearn.com Business, cost, technology, and process should be the main focus while planning Software risk impact assessment. 16 True False
  • 17. Everyone in the organization. the CIO or CISO executive. A specialized cyber security defense team. © KloudLearn www.kloudlearn.com Cyber security protection of an organization is the responsibility of: 17
  • 18. © KloudLearn www.kloudlearn.com Risk = Likelihood x Weakness. True or False? 18 True False
  • 19. Trust manipulation Desire to be helpful Lack of understanding All of the above © KloudLearn www.kloudlearn.com Social engineering uses which aspects of human nature? 19
  • 20. © KloudLearn www.kloudlearn.com Identification of risk domains and risk exposure are done in the Analysis of Security Risk. 20 True False
  • 21. Detective Corrective Preventative Deterrent © KloudLearn www.kloudlearn.com Redundant computer servers would be an example of which type of security measure? 21
  • 22. Cross-site scripting Buffer overflow. SQL injection. System shutdown. © KloudLearn www.kloudlearn.com To avoid ________ , user input should not be put directly into a database. 22
  • 23. The likelihood of a threat happening The vulnerability of the organization to the threat The cost to mitigate or recover from the threat The duration of the threat event © KloudLearn www.kloudlearn.com Which of the following is not considered a factor in determining cyber risk? 23
  • 24. Thank You © KloudLearn www.kloudlearn.com 24 KloudLearn, Inc. is headquartered in Silicon Valley, California. Our mission is to help enterprises provide an engaging and impactful learning experience that improves business performance. We provide the industry’s most modern LMS (Learning Management System). For more information visit us at www.kloudlearn.com or reach out to us at info@kloudlearn.com