Incident Handling in Organisations
Dr. Kaleem Usmani
Head of CERT-MU
Top Cybersecurity Facts 2018
Source: CSO from IDG
• Cyber crime damage costs to hit $6 trillion annually by 2021
• Cybersecurity spending to exceed $1 trillion by 2021
• Human attack surface to reach 6 billion people by 2022
• Cybersecurity Ventures expects ransomware damage costs will rise to $11.5 billion in 2019 and that a business will fall victim to a ransomware attack every 14 seconds by that time.
2
Incident Types
Nuclear Power Plants
Steel Plants
Solar Power
ATM Account Thefts
Stock Exchanges
Payment Card Accounts
Theft of email addresses, passwords
Attacks on government sites (website defacement)
Financial companies
Power Grids
World's most trusted news organizations
Zero-day threats
Advanced Persistent Threats
Ransomware
3
Incident Handling Framework
Layer 1: Preparation
• Incident Response Team
• Risk Assessment
• Compliance
• Crisis Management Plan
• Technology / Security Tools
Layer 2: Identification
• Verification
• Triage
• Decision Making
Layer 3: Response
• Analysis
• Containment
• Business Continuity
• Eradication
• Recovery
Layer 4: Review
• Assessment of Incident
• Legal Aspects
• Documentation
• Improvement
4
Incident Handling Cycle
(The slide shows this cycle as a flowchart; its steps and decision points are listed here in order.)
LAYER 1: PREPARATION (Phase 1: Planning and Organisation)
• Create Incident Response Team
• Training
• Incident Management Strategy
• Risk Assessment
• Compliance
• Crisis Management Plan
• Security Tools
LAYER 2: IDENTIFICATION
• Incident is detected
• Triage
• Decision Making: Is the incident valid? No: Ends. Yes: continue to Layer 3.
LAYER 3: RESPONSE
• Analysis of Incident
• Choose Containment Strategy
• Containment and Business Continuity
• Is the containment strategy time consuming, or can the incident not be contained? Yes: Crisis Management Plan. No: Eradication.
• Eradication
• Recovery
• All data is stored
LAYER 4: REVIEW
• Assessment
• Legal Aspects: Prosecution? Yes: Legal Procedures. No: continue.
• Documentation
• Improvement
• Ends
5
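The cycle above, encoded as a transition table so that an incident ticket can only move along the arrows of the diagram, each decision point needs an explicit yes/no answer, and every step is logged for the review layer. This is an added example, not code from the presentation; where the diagram leaves a branch open (after the crisis management plan and after legal procedures), the rejoin point is an assumption and is marked as such in the code.

```python
# Added example: the incident handling cycle as a transition table.
# Plain steps take "next"; decision points take "yes" / "no".
# Branches marked ASSUMPTION are not drawn on the slide.
FLOW = {
    # Layer 2: Identification
    "incident_detected": {"next": "triage"},
    "triage": {"next": "decision_making"},
    "decision_making": {"yes": "analysis_of_incident", "no": "ends"},  # incident valid?
    # Layer 3: Response
    "analysis_of_incident": {"next": "choose_containment_strategy"},
    "choose_containment_strategy": {"next": "containment_and_business_continuity"},
    # containment too time consuming, or incident cannot be contained?
    "containment_and_business_continuity": {"yes": "crisis_management_plan", "no": "eradication"},
    "crisis_management_plan": {"next": "eradication"},  # ASSUMPTION: rejoins after crisis handling
    "eradication": {"next": "recovery"},
    "recovery": {"next": "all_data_stored"},
    # Layer 4: Review
    "all_data_stored": {"next": "assessment"},
    "assessment": {"next": "legal_aspects"},
    "legal_aspects": {"yes": "legal_procedures", "no": "documentation"},  # prosecution?
    "legal_procedures": {"next": "documentation"},  # ASSUMPTION: documented after legal steps
    "documentation": {"next": "improvement"},
    "improvement": {"next": "ends"},
    "ends": {},
}

class Incident:
    # One incident moving through the cycle; every transition is appended to self.log.
    def __init__(self, incident_id):
        self.incident_id = incident_id
        self.state = "incident_detected"
        self.log = [self.state]

    def advance(self, answer=None):
        options = FLOW[self.state]
        if not options:
            raise ValueError(f"{self.incident_id}: cycle already ended")
        key = "next" if "next" in options else answer  # decisions must be answered explicitly
        if key not in options:
            raise ValueError(f"{self.state} needs one of {sorted(options)}, got {answer!r}")
        self.state = options[key]
        self.log.append(self.state)
        return self.state

def run_cycle(incident_id, answers):
    # Drive an incident to "ends", answering each decision point from the answers dict.
    incident = Incident(incident_id)
    while FLOW[incident.state]:
        incident.advance(answers.get(incident.state))
    return incident.log
```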
Incident Handling Procedures in Organisations
General Procedure……
• Log the incident
• Inform the appropriate people
• Release of Information
• Follow-up Analysis
6
Incident Handling Procedures in Organisations
Incident Specific Procedure…… (Virus family)
• Isolate the system
• Log all actions
• Notify appropriate people
• Identify the problem
• Contain the virus (family…..)
• Inoculate the system
• Return to a normal operating mode
• Follow-up Analysis
7
Incident Handling Procedures in Organisations
Incident Specific Procedure…… (Hacking)
• Identify problem
• Notify appropriate people
• Identify Hacker/Cracker
• Log all actions
• Notify CERT
• Follow-up
8
Incident Handling Procedures in Organisations
Reporting Channels (How it works in the country)
• CERT
• Law Enforcement
• DPP's Office
• ISPs
9
Thank You