Shamoun Siddiqui, PhD, CISSP
CISO, Neiman Marcus Group
Breaches – Two Weeks in 2018
April 3, 2018 – registration information for up to 7 million consumers
who created an account on Panerabread.com was exposed
April 1, 2018 – hackers stole payments information from 5 million
consumers via store payments systems; 125,000 card numbers
found for sale on the Dark Web
March 29, 2018 – MyFitnessPal app is breached and registration
info on up to 150 million users is hacked
Late March 2018 – [24]7.ai, a customer services operations
company, reported a breach that occurred in Sept/Oct 2017 and resulted in
the access of payments information from its client companies
Source: First Data Corporation
◦ In 2017 there were 1579 data breaches that were reported and recorded with an estimated 179
million records exposed
◦ The number of data breaches represented a 44% increase over the number reported in 2016 and the
number of records lost was up by 400%!
◦ As of the week of April 16, 2018
◦ Number of reported data breaches = 319
◦ Number of data records lost/stolen = 11 million +
Source: Identity Theft Resource Center
• For organizations that store, process or transmit sensitive information, a data breach is an eventuality. A data breach represents a “cybersecurity crisis”!
• No organization can achieve complete and total cybersecurity
• Avoiding a cyber crisis comes down to:
◦ Managing the incident before, during and after it unfolds
◦ Ensuring that a cyber incident is not seen as purely an IT issue by company execs
◦ Ensuring the multiple functions across the company are aware and prepared to deal with a cyber crisis
◦ Realizing that a poor response can exacerbate a crisis
• A computer incident could refer to day-to-day security incidents such as malware infections, application or network disruptions involving limited information disclosure. Incidents are handled routinely as per the Incident Response Procedure and limited visibility may be provided to the CIO and other executives
• A cybersecurity crisis refers to a more serious situation that has the potential to cause significant financial, reputation or brand damage to the company. Examples include a major denial of service attack, known or suspected infiltration by bad actors or loss of large amounts of sensitive data. The company’s C-suite needs to be notified and typically stays engaged until closure
A computer incident can quickly escalate into a cybersecurity crisis
Source: Deloitte - Cyber crisis management Readiness, response, and recovery
• Company’s executive leadership lacks sufficient understanding of their roles or what information they will need in order to make decisions during a cybersecurity crisis
• Information security team practices incident response in isolation from the executives and business leaders
• No playbook exists defining actions and/or decision points for responders
• If processes have been defined, they are rarely tested for effectiveness
• Triggers to escalate an incident to senior management are not clearly defined
• Communication protocols are not defined and templates do not exist
• There are no clearly defined guidelines on when to engage law enforcement, internal/external counsel or when to notify affected parties or customers
• Cyber security insurance coverage either does not exist or is unclear
• An organization must be ready to:
◦ Respond quickly and effectively
◦ Provide information to a multitude of internal and external stakeholders
◦ Update or change existing agreements / arrangements with business partners
◦ Respond to legal or regulatory requirements
◦ Engage in proactive communications to public and media
◦ Monitor social media channels and respond accordingly
• Home Depot
◦ Responded within hours of breach confirmation
◦ Took full responsibility and apologized
◦ CEO personally apologized in a well-written letter
◦ Set up a call center to handle 50,000 calls per day
◦ Within 2 weeks updated their technology
• Anthem
◦ Self-discovered the breach and announced immediately
◦ WSJ called it a textbook case in effective crisis management
◦ Anthem created a dedicated website to provide updates on the breach
◦ Website clearly identifies who was affected and exactly what was lost
• Uber
◦ The company concealed the breach
◦ Paid hackers $100K to keep it quiet and delete the data
◦ No apologies and no statements from the CEO early on
• Equifax
◦ Took more than a month to disclose
◦ Completely ignored the significance of the emotional connection between company and consumers
◦ Created a website that was not on the corp domain, resulting in numerous phishing messages
◦ Required more personal data and provided vague responses
◦ Credit protection agreement included a clause that excluded consumers from a class action
Source: Deloitte - Cyber crisis management Readiness, response, and recovery
• Team composition
• Staff training
• Periodic testing
• Communication plans
• Executive involvement
• Executive training
• Critical third parties
• Communication channels
• Tools and technologies in portfolio
• Forensic capabilities
• Threat intelligence utilization
• Incident response plans
• Critical business applications and processes
• Business limitations and acceptable risk
• RTO and RPO requirements
• Resource requirements for recovery
• State and federal notification requirements
• Law enforcement engagement
• Effect on compliance mandates
• Obligations to affected parties and stakeholders
• Root cause analysis
• Cleanup
• Lessons learned database
• Additional people, process and technologies
More reading: https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Risk/gx-cm-cyber-pov.pdf
Step – 1: Involve Your Executive Leadership Team
This includes the C-suite, i.e. CEO, COO, CFO, CIO, CCO
This includes business unit leaders, i.e. EVPs, SVPs
This includes representatives or delegates from Legal, HR, Corporate Communications and
Marketing
These leaders and representatives must be familiar with their role and responsibilities
during a crisis
Step – 2: Create a Cyber Security Crisis Management Plan
Ideally, the crisis management plan should be a separate document, with the following
essential elements:
• Structure of the crisis management team
• Responsibility matrix with names of the specific individuals
• Threat matrix with severity levels and associated response protocols
• Communication templates for customers, business partners, media and external agencies
• Procedures to inform authorities and affected parties and to provide identity and credit
protection services
Step – 3: Conduct Breach Simulations
• Breach simulation is a table top exercise in your boardroom
• All the key executives need to participate
• A hypothetical breach scenario is created and the participants are asked to respond
• Guidance is provided by the moderators
• The executive team becomes familiar with the process and the sources of information
Step – 4: Engage a Third Party
• Breaches can stay undetected for years, but once they are detected there is extreme urgency
to investigate
• Finding the right forensics partner can be a challenge
• Companies have no choice but to rush into a contract, often overlooking critical provisions
• Legal and compliance teams need to be involved in the review of all contractual language
• Internal or external legal counsel should be used to engage the third-party forensic
company, and attorney-client privilege should be protected in the contract language
• Data breaches are inevitable. Therefore, an organization MUST be prepared to handle one
• The information security team MUST take the lead in building and socializing a crisis
management program
• The information security team MUST build partnerships with Legal, Compliance, Corporate
Communication and Privacy teams of the company
• A detailed crisis management plan MUST be created and maintained
• Periodic simulations MUST be conducted
• The executives of the company MUST be educated and must fully understand their roles
and responsibilities
THANK
YOU
Appendix
Sample Templates
If data loss is confirmed, the State Attorneys General must be notified in accordance with the State’s privacy
directives. 47 states and 3 U.S. territories all have their own data breach laws, enforced by state attorneys
general.
Breach notification letters must be sent to the individuals whose personal information was lost or
compromised.
Some States like California, Massachusetts, New York, North Carolina, Illinois, West Virginia and Maryland have
specific formats that must be followed. All other states do not have any constraints.
Create and maintain a repository of breach notification letters for all the states where your customers reside
DEPARTMENT / TEAM | REPRESENTATIVE | TITLE | RESPONSIBILITY
EXEC LEADERSHIP | BRIAN WILLIAMS | CEO | Inform Board of Directors on the status of breach investigations etc
EXEC LEADERSHIP | PETER ALEXANDER | CFO | Determine cost of breach and data loss
CORPORATE COMMUNICATIONS | HALEY JACKSON | SVP | Ensure consistent and timely communications to media and authorities
HR | MANU RAJU | EVP | Determine impact on employees
CUSTOMER RELATIONS | KRISTEN WELKER | DIRECTOR | Establish and maintain communications with customers
LEGAL | CHUCK TODD | CORPORATE COUNSEL | Engage internal and external legal teams to ensure compliance with laws
INCIDENT | SCOPE | SEVERITY | ACTION
DENIAL OF SERVICE ATTACK | Limited to no impact on business apps | LOW | Monitor traffic; Fine tune DDoS appliances to eliminate noise; Inform ISP
DENIAL OF SERVICE ATTACK | Critical business application performance impacted | MEDIUM | Initiate incident response protocol; Engage ISP; Perform RCA; Provide updates to affected parties
DENIAL OF SERVICE ATTACK | Internet access down. Business apps offline | HIGH | Initiate crisis management protocol; Inform executives and business leaders; Craft and send communications to customers and other parties
POTENTIAL DATA LOSS | Limited data exposed by CSR | LOW | Send apology letters; Provide credit protection to affected individuals; Inform State AGs
POTENTIAL DATA LOSS | Moderate amount of data lost or exposed | MEDIUM | Initiate incident response protocol
POTENTIAL DATA LOSS | Suspected data breach | HIGH | Initiate crisis management protocol; Consult with corporate counsel, privacy and compliance officers; Inform Board of Directors; Update communication templates for media, customers, investors and authorities; Engage forensics teams; Engage external counsel
Create generic communication templates for the various possible scenarios and have them vetted and approved by corporate
communication, privacy and legal
Sample Communication-1
We are currently investigating a Denial of Service attack on our website that is resulting in degraded performance. At this time,
we have confirmed that no customer data is impacted. We are working closely with our ISP and our IT service provider to
restore services.
As more information becomes available, we will be sure to provide you with regular updates.
Sample Communication-2
As of approximately 11:00 am CST, we have become aware of a potential compromise of our network and systems. At this
time, we are unable to confirm the extent of the compromise and whether sensitive data could have been lost. We are
working closely with the authorities and with internal and external cyber security experts to determine the nature and extent
of compromise.
We will provide regular updates on our website at www.abccompany.com and will conduct media briefings as necessary.
Sample Communication-3
Over the course of the past 24 hours we have been able to obtain further details of the incident that affected
[our network, website, systems]. We have confirmed that [nature of the incident, how many people were
affected, what data was lost]. We are still investigating [the cause of the incident, the people/event behind
the incident, extent of the incident].
We have engaged [law enforcement, cyber forensics etc]. We have also enlisted the help of [additional
resources brought in to assist with the incident] to assist us in immediately mitigating the incident.
We will continue to provide you with updates as new information becomes available. We recommend that
you monitor our website at [insert website address] for the latest information.
Borrower’s Name Date:____________
Street Address
City, Zip Code
Dear Mr. ___________
We are writing to inform you of an incident involving your personal information. On (INSERT INCIDENT DATE), an incident occurred
where your non-public information may have been viewed by a third-party.
While we do not believe your information will be misused, out of an abundance of caution we are notifying you so you may take steps
to protect yourself against misuse of your information. Always remember to carefully review your statements every month to identify
any unauthorized transactions. If you see any items on your statement you believe are not yours, please contact us immediately.
Remain vigilant over the next 12 to 24 months and promptly report incidents of suspected identity theft or unauthorized activity to us
and the appropriate law enforcement agency.
To help protect your identity, we are offering a complimentary one (1) year membership of Experian’s ProtectMyID™ Elite. This
product helps detect possible misuse of your personal information and provides you with superior identity protection services focused
on immediate identification and resolution of identity theft.
Activate ProtectMyID Now in Three Easy Steps:
ENSURE That You Enroll By: INSERT ENROLLMENT DATE
Visit ProtectMyID Web Site: www.protectmyid.com/enroll or call 877-441-6943 to enroll
Your Activation Code (INSERT CODE)
T0
A reputable cyber security blogger has published information on his website indicating that ABC Company may have been affected
by a recent well-publicized hack in which customers’ sensitive data was exposed.
The blogger speculates on a connection between ABC Company and the publicized hack and provides some evidence that ABC
Company’s account and password information is available on the dark web.
Customers and the media begin to call the company wanting to know if their personal information has been compromised. Media
outlets want to know if the company has an official statement.
Questions for the team
• What is the first course of action?
• What are the immediate priorities?
• What type of communication should be issued?
T0 + 7
ABC Company’s CISO receives a call from the FBI who indicate that based on their investigations, they believe that the
compromise of ABC Company’s information systems occurred over 3 months ago. They have reason to believe that large amounts
of customer sensitive data, including credit card numbers may have been exposed.
In the meantime, media attention has steadily increased and newspaper articles and television stories are being published. ABC
Company’s employees are being approached by local media outlets for exclusive interviews.
Traffic to the company website has increased and performance has been affected. Customer service calls are creating a backlog
with long wait times.
The Board of Directors is getting inquiries from the media and is asking for urgent updates
Questions for the team
• How does your response to the incident change based on these developments?
• Have the priorities changed?
• How would you update the communications?
• Who would you engage at this stage?
T0 + 21
Media and public response is harsh despite continued PR efforts. There is now open talk of suing the company and authorities
have launched inquiries. The PCI council is involved and insisting on bringing in their own forensics company.
Forensics teams have found evidence of the hack going back 14 months and traces of ongoing activities. A Chinese organization
dubbed Deep Panda is likely to be involved based on the hash signatures of the Derusbi command and control software.
The Board of Directors is becoming increasingly impatient and insisting on a comprehensive plan to remediate the current
situation and prevent this scenario from happening again.
ABC Company begins to quantify cost of the breach and determine how much of their investigative efforts and expenditures will
be covered by their cyber insurance policy.
Questions for the team
• How does your response to the incident change based on these developments?
• Have the priorities changed?
• How would you update the communications?
• Who would you engage at this stage?

Modernizing Data Management Modernizing Data Management
Modernizing Data Management JoAnna Cheshire
 
Microsoft and Enterprise Search
Microsoft and Enterprise Search Microsoft and Enterprise Search
Microsoft and Enterprise Search JoAnna Cheshire
 
Introduction to Microsoft Teams and Office 365 groups
Introduction to Microsoft Teams and Office 365 groupsIntroduction to Microsoft Teams and Office 365 groups
Introduction to Microsoft Teams and Office 365 groupsJoAnna Cheshire
 
Accelerate your business with flow
Accelerate your business with flowAccelerate your business with flow
Accelerate your business with flowJoAnna Cheshire
 
Building applications for your business using power apps and flow
Building applications for your business using power apps and flowBuilding applications for your business using power apps and flow
Building applications for your business using power apps and flowJoAnna Cheshire
 
The Decomposition Dilemma
The Decomposition DilemmaThe Decomposition Dilemma
The Decomposition DilemmaJoAnna Cheshire
 
Defending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itDefending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itJoAnna Cheshire
 
The New Convergence of Data; the Next Strategic Business Advantage
The New Convergence of Data; the Next Strategic Business AdvantageThe New Convergence of Data; the Next Strategic Business Advantage
The New Convergence of Data; the Next Strategic Business AdvantageJoAnna Cheshire
 
Healthcare - An Identity Thief's SuperStore
Healthcare - An Identity Thief's SuperStoreHealthcare - An Identity Thief's SuperStore
Healthcare - An Identity Thief's SuperStoreJoAnna Cheshire
 
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...JoAnna Cheshire
 
Define Yourself! Crafting a Wonder Woman's Brand
Define Yourself! Crafting a Wonder Woman's BrandDefine Yourself! Crafting a Wonder Woman's Brand
Define Yourself! Crafting a Wonder Woman's BrandJoAnna Cheshire
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 
A UX first approach to Office 365 migrations
A UX first approach to Office 365 migrationsA UX first approach to Office 365 migrations
A UX first approach to Office 365 migrationsJoAnna Cheshire
 

Mehr von JoAnna Cheshire (20)

The Future of Work
The Future of WorkThe Future of Work
The Future of Work
 
Catching the Next Train
Catching the Next TrainCatching the Next Train
Catching the Next Train
 
The SharePoint Migration Playbook
The SharePoint Migration PlaybookThe SharePoint Migration Playbook
The SharePoint Migration Playbook
 
Introduction to SharePoint Framework
Introduction to SharePoint FrameworkIntroduction to SharePoint Framework
Introduction to SharePoint Framework
 
PowerShell + SharePoint Online - An Admin's Guide
PowerShell + SharePoint Online - An Admin's GuidePowerShell + SharePoint Online - An Admin's Guide
PowerShell + SharePoint Online - An Admin's Guide
 
Artificial Intelligence & Machine Learning - A CIOs Perspective
Artificial Intelligence & Machine Learning - A CIOs PerspectiveArtificial Intelligence & Machine Learning - A CIOs Perspective
Artificial Intelligence & Machine Learning - A CIOs Perspective
 
Modernizing Data Management
Modernizing Data Management Modernizing Data Management
Modernizing Data Management
 
Microsoft and Enterprise Search
Microsoft and Enterprise Search Microsoft and Enterprise Search
Microsoft and Enterprise Search
 
Introduction to Microsoft Teams and Office 365 groups
Introduction to Microsoft Teams and Office 365 groupsIntroduction to Microsoft Teams and Office 365 groups
Introduction to Microsoft Teams and Office 365 groups
 
Accelerate your business with flow
Accelerate your business with flowAccelerate your business with flow
Accelerate your business with flow
 
Building applications for your business using power apps and flow
Building applications for your business using power apps and flowBuilding applications for your business using power apps and flow
Building applications for your business using power apps and flow
 
The Decomposition Dilemma
The Decomposition DilemmaThe Decomposition Dilemma
The Decomposition Dilemma
 
Not "If" but "When"
Not "If" but "When"Not "If" but "When"
Not "If" but "When"
 
Defending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itDefending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about it
 
The New Convergence of Data; the Next Strategic Business Advantage
The New Convergence of Data; the Next Strategic Business AdvantageThe New Convergence of Data; the Next Strategic Business Advantage
The New Convergence of Data; the Next Strategic Business Advantage
 
Healthcare - An Identity Thief's SuperStore
Healthcare - An Identity Thief's SuperStoreHealthcare - An Identity Thief's SuperStore
Healthcare - An Identity Thief's SuperStore
 
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
Microservices Architectural Maturity Matrix, Token Based Authority, API Gatew...
 
Define Yourself! Crafting a Wonder Woman's Brand
Define Yourself! Crafting a Wonder Woman's BrandDefine Yourself! Crafting a Wonder Woman's Brand
Define Yourself! Crafting a Wonder Woman's Brand
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 
A UX first approach to Office 365 migrations
A UX first approach to Office 365 migrationsA UX first approach to Office 365 migrations
A UX first approach to Office 365 migrations
 

Kürzlich hochgeladen

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Kürzlich hochgeladen (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Cybersecurity crisis management a prep guide

  • 1. Shamoun Siddiqui, PhD, CISSP CISO, Neiman Marcus Group
  • 2.
  • 3. Breaches – Two Weeks in 2018
      • April 3, 2018 – registration information for up to 7 million consumers who created an account on Panerabread.com was exposed
      • April 1, 2018 – hackers stole payment information from 5 million consumers via store payment systems; 125,000 card numbers found for sale on the Dark Web
      • March 29, 2018 – MyFitnessPal app is breached and registration info on up to 150 million users is hacked
      • Late March 2018 – [24]7.ai, a customer services operations company, reported a breach that occurred in Sept/Oct 2017 and resulted in access to payment information from its client companies
      Source: First Data Corporation
  • 4.
      ◦ In 2017 there were 1579 data breaches reported and recorded, with an estimated 179 million records exposed
      ◦ The number of data breaches represented a 44% increase over the number reported in 2016, and the number of records lost was up by 400%!
      ◦ As of the week of April 16, 2018:
          ◦ Number of reported data breaches = 319
          ◦ Number of data records lost/stolen = 11 million +
      Source: Identity Theft Resource Center
  • 5.
  • 6.
      • For organizations that store, process or transmit sensitive information, a data breach is an eventuality. A data breach represents a “cybersecurity crisis”!
      • No organization can achieve complete and total cybersecurity
      • Avoiding a cyber crisis comes down to:
          ◦ Managing the incident before, during and after it unfolds
          ◦ Ensuring that a cyber incident is not seen as purely an IT issue by company execs
          ◦ Ensuring the multiple functions across the company are aware and prepared to deal with a cyber crisis
          ◦ Realizing that a poor response can exacerbate a crisis
  • 7.
      • A computer incident could refer to day-to-day security incidents such as malware infections, application or network disruptions involving limited information disclosure. Incidents are handled routinely as per the Incident Response Procedure and limited visibility may be provided to the CIO and other executives
      • A cybersecurity crisis refers to a more serious situation that has the potential to cause significant financial, reputation or brand damage to the company. Examples include a major denial of service attack, known or suspected infiltration by bad actors or loss of large amounts of sensitive data. The company’s C-suite needs to be notified and typically stays engaged until closure
      A computer incident can quickly escalate into a cybersecurity crisis
  • 8. Source: Deloitte - Cyber crisis management Readiness, response, and recovery
  • 9.
      • Company’s executive leadership lacks sufficient understanding of their roles or what information they will need in order to make decisions during a cybersecurity crisis
      • Information security team practices incident response in isolation from the executives and business leaders
      • No playbook exists defining actions and/or decision points for responders
      • If processes have been defined, they are rarely tested for effectiveness
      • Triggers to escalate an incident to senior management are not clearly defined
      • Communication protocols are not defined and templates do not exist
      • There are no clearly defined guidelines on when to engage law enforcement, internal/external counsel or when to notify affected parties or customers
      • Cyber security insurance coverage either does not exist or is unclear
  • 10.
      • An organization must be ready to:
          ◦ Respond quickly and effectively
          ◦ Provide information to a multitude of internal and external stakeholders
          ◦ Update or change existing agreements / arrangements with business partners
          ◦ Respond to legal or regulatory requirements
          ◦ Engage in proactive communications to public and media
          ◦ Monitor social media channels and respond accordingly
  • 11.
      • Home Depot
          ◦ Responded within hours of breach confirmation
          ◦ Took full responsibility and apologized
          ◦ CEO personally apologized in a well-written letter
          ◦ Set up a call center to handle 50,000 calls per day
          ◦ Within 2 weeks updated their technology
      • Anthem
          ◦ Self-discovered the breach and announced immediately
          ◦ WSJ called it a textbook case in effective crisis management
          ◦ Anthem created a dedicated website to provide updates on the breach
          ◦ Website clearly identifies who was affected and exactly what was lost
  • 12.
      • Uber
          ◦ The company concealed the breach
          ◦ Paid hackers $100K to keep it quiet and delete the data
          ◦ No apologies and no statements from the CEO early on
      • Equifax
          ◦ Took more than a month to disclose
          ◦ Completely ignored the significance of the emotional connection between company and consumers
          ◦ Created a website that was not on the corp domain, resulting in numerous phishing messages
          ◦ Required more personal data and provided vague response
          ◦ Credit protection agreement included a clause that excluded the consumer from a class action
  • 13. Source: Deloitte - Cyber crisis management Readiness, response, and recovery
  • 14.
      • Team composition
      • Staff training
      • Periodic testing
      • Communication plans
  • 15.
      • Executive involvement
      • Executive training
      • Critical third parties
      • Communication channels
  • 16.
      • Tools and technologies in portfolio
      • Forensic capabilities
      • Threat intelligence utilization
      • Incident response plans
  • 17.
      • Critical business applications and processes
      • Business limitations and acceptable risk
      • RTO and RPO requirements
      • Resource requirements for recovery
  • 18.
      • State and federal notification requirements
      • Law enforcement engagement
      • Effect on compliance mandates
      • Obligations to affected parties and stakeholders
  • 19.
      • Root cause analysis
      • Cleanup
      • Lessons learned database
      • Additional people, process and technologies
      More reading: https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Risk/gx-cm-cyber-pov.pdf
  • 20. Step – 1: Involve Your Executive Leadership Team
      • This includes the C-suite, i.e., CEO, COO, CFO, CIO, CCO
      • This includes business unit leaders, i.e., EVPs, SVPs
      • This includes representatives or delegates from Legal, HR, Corporate Communications and Marketing
      • These leaders and representatives must be familiar with their role and responsibilities during a crisis
  • 21. Step – 2: Create a Cyber Security Crisis Management Plan
      Ideally, the crisis management plan should be a separate document, with the following essential elements:
      • Structure of the crisis management team
      • Responsibility matrix with names of the specific individuals
      • Threat matrix with severity levels and associated response protocols
      • Communication templates for customers, business partners, media and external agencies
      • Procedures to inform authorities and affected parties and to provide identity and credit protection services
  • 22. Step – 3: Conduct Breach Simulations
      • Breach simulation is a tabletop exercise in your boardroom
      • All the key executives need to participate
      • A hypothetical breach scenario is created and the participants are asked to respond
      • Guidance is provided by the moderators
      • The executive team becomes familiar with the process and the sources of information
  • 23. Step – 4: Engage a Third Party
      • Breaches can stay undetected for years, but once they are detected there is extreme urgency to investigate
      • Finding the right forensics partner can be a challenge
      • Companies have no choice but to rush into a contract, often overlooking critical provisions
      • Legal and compliance teams need to be involved in the review of all contractual language
      • Internal or external legal counsel should be used to engage the third-party forensic company, and attorney-client privilege should be protected in the contract language
  • 24.
      • Data breaches are inevitable. Therefore, an organization MUST be prepared to handle one
      • The information security team MUST take the lead in building and socializing a crisis management program
      • The information security team MUST build partnerships with Legal, Compliance, Corporate Communication and Privacy teams of the company
      • A detailed crisis management plan MUST be created and maintained
      • Periodic simulations MUST be conducted
      • The executives of the company MUST be educated and must fully understand their roles and responsibilities
  • 27.
  • 28.
      • If data loss is confirmed, the State Attorneys General must be notified in accordance with the State’s privacy directives. 47 states and 3 U.S. territories all have their own data breach laws, enforced by state attorneys general.
      • Breach notification letters must be sent to the individuals whose personal information was lost or compromised. Some States like California, Massachusetts, New York, North Carolina, Illinois, West Virginia and Maryland have specific formats that must be followed. All other states do not have any constraints.
      • Create and maintain a repository of breach notification letters for all the states where your customers reside
  • 29.
      DEPARTMENT / TEAM | REPRESENTATIVE | TITLE | RESPONSIBILITY
      EXEC LEADERSHIP | BRIAN WILLIAMS | CEO | Inform Board of Directors on the status of breach investigations etc
      EXEC LEADERSHIP | PETER ALEXANDER | CFO | Determine cost of breach and data loss
      CORPORATE COMMUNICATIONS | HALEY JACKSON | SVP | Ensure consistent and timely communications to media and authorities
      HR | MANU RAJU | EVP | Determine impact on employees
      CUSTOMER RELATIONS | KRISTEN WELKER | DIRECTOR | Establish and maintain communications with customers
      LEGAL | CHUCK TODD | CORPORATE COUNSEL | Engage internal and external legal teams to ensure compliance with laws
  • 30.
      INCIDENT | SCOPE | SEVERITY | ACTION
      DENIAL OF SERVICE ATTACK | Limited to no impact on business apps | LOW | Monitor traffic; Fine tune DDoS appliances to eliminate noise; Inform ISP
      DENIAL OF SERVICE ATTACK | Critical business application performance impacted | MEDIUM | Initiate incident response protocol; Engage ISP; Perform RCA; Provide updates to affected parties
      DENIAL OF SERVICE ATTACK | Internet access down. Business apps offline | HIGH | Initiate crisis management protocol; Inform executives and business leaders; Craft and send communications to customers and other parties
      POTENTIAL DATA LOSS | Limited data exposed by CSR | LOW | Send apology letters; Provide credit protection to affected individuals; Inform State AGs
      POTENTIAL DATA LOSS | Moderate amount of data lost or exposed | MEDIUM | Initiate incident response protocol
      POTENTIAL DATA LOSS | Suspected data breach | HIGH | Initiate crisis management protocol; Consult with corporate counsel, privacy and compliance officers; Inform Board of Directors; Update communication templates for media, customers, investors and authorities; Engage forensics teams; Engage external counsel
  • 31. Create generic communication templates for the various possible scenarios and have them vetted and approved by corporate communication, privacy and legal
      Sample Communication-1
      We are currently investigating a Denial of Service attack on our website that is resulting in degraded performance. At this time, we have confirmed that no customer data is impacted. We are working closely with our ISP and our IT service provider to restore services. As more information becomes available, we will be sure to provide you with regular updates.
      Sample Communication-2
      As of approximately 11:00 am CST, we have become aware of a potential compromise of our network and systems. At this time, we are unable to confirm the extent of the compromise and whether sensitive data could have been lost. We are working closely with the authorities and with internal and external cyber security experts to determine the nature and extent of compromise. We will provide regular updates on our website at www.abccompany.com and will conduct media briefings as necessary.
  • 32. Sample Communication-3
      Over the course of the past 24 hours we have been able to obtain further details of the incident that affected [our network, website, systems]. We have confirmed that [nature of the incident, how many people were affected, what data was lost]. We are still investigating [the cause of the incident, the people/event behind the incident, extent of the incident]. We have engaged [law enforcement, cyber forensics etc]. We have also enlisted the help of [additional resources brought in to assist with the incident] to assist us in immediately mitigating the incident. We will continue to provide you with updates as new information becomes available. We recommend that you monitor our website at [insert website address] for the latest information.
  • 33.
      Borrower’s Name
      Date:____________
      Street Address
      City, Zip Code
      Dear Mr. ___________
      We are writing to inform you of an incident involving your personal information. On (INSERT INCIDENT DATE), an incident occurred where your non-public information may have been viewed by a third party. While we do not believe your information will be misused, out of an abundance of caution we are notifying you so you may take steps to protect yourself against misuse of your information.
      Always remember to carefully review your statements every month to identify any unauthorized transactions. If you see any items on your statement you believe are not yours, please contact us immediately. Remain vigilant over the next 12 to 24 months and promptly report incidents of suspected identity theft or unauthorized activity to us and the appropriate law enforcement agency.
      To help protect your identity, we are offering a complimentary one (1) year membership of Experian’s ProtectMyID™ Elite. This product helps detect possible misuse of your personal information and provides you with superior identity protection services focused on immediate identification and resolution of identity theft.
      Activate ProtectMyID Now in Three Easy Steps:
      • ENSURE That You Enroll By: INSERT ENROLLMENT DATE
      • Visit ProtectMyID Web Site: www.protectmyid.com/enroll or call 877-441-6943 to enroll
      • Your Activation Code (INSERT CODE)
  • 34. T0 A reputable cyber security blogger has published information on his website indicating that ABC Company may have been affected by a recent well-publicized hack in which customers’ sensitive data was exposed. The blogger speculates on a connection between ABC Company and the publicized hack and provides some evidence that ABC Company’s account and password information is available on the dark web. Customers and the media begin to call the company wanting to know if their personal information has been compromised. Media outlets want to know if the company has an official statement. Questions for the team • What is the first course of action? • What are the immediate priorities? • What type of communication should be issued?
  • 35. T0 + 7 ABC Company’s CISO receives a call from the FBI, who indicate that, based on their investigations, they believe that the compromise of ABC Company’s information systems occurred over 3 months ago. They have reason to believe that large amounts of customer sensitive data, including credit card numbers, may have been exposed. In the meantime, media attention has steadily increased and newspaper articles and television stories are being published. ABC Company’s employees are being approached by local media outlets for exclusive interviews. Traffic to the company website has increased and performance has been affected. Customer service calls are creating a backlog with long wait times. The Board of Directors is getting inquiries from the media and is asking for urgent updates. Questions for the team • How does your response to the incident change based on these developments? • Have the priorities changed? • How would you update the communications? • Who would you engage at this stage?
  • 36. T0 + 21 Media and public response is harsh despite continued PR efforts. There is now open talk of suing the company and authorities have launched inquiries. The PCI council is involved and insisting on bringing in their own forensics company. Forensics teams have found evidence of the hack going back 14 months and traces of ongoing activities. A Chinese organization dubbed Deep Panda is likely to be involved based on the hash signatures of the Derusbi command and control software. The Board of Directors is becoming increasingly impatient and insisting on a comprehensive plan to remediate the current situation and prevent this scenario from happening again. ABC Company begins to quantify the cost of the breach and determine how much of their investigative efforts and expenditures will be covered by their cyber insurance policy. Questions for the team • How does your response to the incident change based on these developments? • Have the priorities changed? • How would you update the communications? • Who would you engage at this stage?