Albany Bank Corporation Security Incident Management Program.
Albany Bank Corporation: Security Incident Management Program
CONSULTANTS
• Taurus Allen
• Destiny Dyer
• Marta Pelyo
• Daniel Post
• Michele Reina
• Robert Warshauer
PROJECT OBJECTIVES
1. Create an effective security incident management program
2. Compliance with regulatory and industry standards
3. Identifying potential vendors
4. Implementation of roadmap
AGENDA
• Project Approach
• Bank Profile
• Purpose of Security Incident Management Program
• Industry Regulations and Standards
• Explanation of Proposed Program
• Workflow
• Vendor Recommendations
• Roadmap
PROJECT APPROACH
Objective: To assist ABC with creating and recommending a security incident management program.
Research of Current Events, Weekly Status Report, Project Timeline, Peer Evaluations
Phase 1: Planning and Content Research
Phase 2: Content Development and Recommendations
Phase 3: Final Presentation and Preparation
BANK PROFILE
Overview:
• 20th largest bank in the United States
• Specializes in commercial, retail, investment banking
• Holds $50 billion of assets
Problems Facing Albany Bank Corporation:
• Well known hacking group breached security records
• Approximately 20 million customer records compromised
• ABC did not have formal incident security program in place
• Reputational and financial losses
RECENT BREACHES
These breaches occurred due to lack of:
• Adequate cyber security
• Detailed incident response procedures
• Efficient detection/analysis and containment strategies
SECURITY INCIDENT MANAGEMENT OBJECTIVE
• Process of monitoring and detecting threats to a network
• Encompasses integrating IT management systems
• Identifies and prioritizes incidents based on business impact
• Used to protect confidential data
Reference framework: NIST Cybersecurity Framework
INDUSTRY REGULATIONS: FFIEC
Purpose: To develop and ensure uniformity of report forms, standards, and principles for financial institutions
Incident Management Requirements:
• Periodic risk assessments
• Layered security controls
• Member awareness and education
• Ad-Hoc activity monitoring
• Defined escalation protocols
INDUSTRY STANDARDS: ISO 27001-27002
Purpose: To provide a model for Information Security Management System
Incident Management Requirements:
• Management of information security risks
• Develop criteria for accepting risks and identifying level of risks
• Identify and evaluate options for treatment of risks
• Implement training and awareness programs
INDUSTRY STANDARDS: NIST 800-61 REV 2
Purpose: Computer Security Incident Handling Guide
Incident Management Requirements:
• Procedure for performing incident handling and communication
• Incorporation of response teams in incident handling process
• Reduce frequency of incidents
INCIDENT RESPONSE LIFECYCLE
Steps:
• Preparation
• Detection
• Analysis/Classification
• Containment
• Eradication/Recovery
• Post-Incident Activity
INCIDENT RESPONSE LIFECYCLE: PREPARATION
Checklist to ensure that all pivotal functions and procedures of incident response program are being performed
INCIDENT RESPONSE LIFECYCLE: PREPARATION
• Establish escalation procedures and response teams
• Improve educational awareness
• Training sessions
• Document procedure checklist
• Implement a playbook system
• Install malware protection software
• Create a simulated attack program to test response teams
INCIDENT RESPONSE LIFECYCLE: DETECTION
• C03 automated system
• Report incident: Ticketing System
• Open Ticket Here
• Triage Incident
  • Significance of the constituency
  • Experience of the incident reporter
  • Severity of the incident
INCIDENT RESPONSE LIFECYCLE: ANALYSIS/CLASSIFICATION
Impact: Measures the effect of an incident on the company

| Impact | Financial Ranges | Users |
|---|---|---|
| Critical | Loss of more than $5 Million | Affects 76%-100% |
| High | Loss between $3 – 5 Million | Affects 51%-75% |
| Medium | Loss between $1 – 3 Million | Affects 25%-50% |
| Low | Loss of less than $1 Million | Affects 0-24% |
INCIDENT RESPONSE LIFECYCLE: ANALYSIS/CLASSIFICATION
Urgency: Measures the effect an incident has on the core business functions

| Urgency | Core Business Operations |
|---|---|
| Critical | Interferes with core business functions or loss of critical data |
| High | Interferes with non-core activities or functions that do not affect the entire company |
| Medium | Interferes with normal completion of work or tasks that are more difficult but not impossible to complete |
| Low | Interferes with non-business related use |
INCIDENT RESPONSE LIFECYCLE: ANALYSIS/CLASSIFICATION
Response and Resolution Time for Incidents:

| Incident Priority | Action | Resolution |
|---|---|---|
| Critical | Action within 1 hour | Resolution within 1 day |
| High | Action within 2 hours | Resolution within 2 days |
| Medium | Action within 1 day | Resolution within 5 days |
| Low | Action within 2 days | Resolution within 7 days |
INCIDENT RESPONSE LIFECYCLE: ANALYSIS/CLASSIFICATION
Incident Classification Matrix (axis label "Impact"; the matrix body itself is not recoverable from the transcript)
Matrix Key:
• Critical: Red
• High: Black
• Medium: Gray
• Low: White
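The impact, urgency and priority tables on the three classification slides above, worked through as an added example (this is not code from the deck or from its consultants). The dictionary keys for the urgency categories are constructed labels, exact-boundary handling ($3M and $1M rated into the higher band) is an assumption, and since the matrix body is missing from the transcript, the combined priority is assumed to be the more severe of impact and urgency.

```python
from datetime import datetime, timedelta
LEVELS = ["Low", "Medium", "High", "Critical"]  # ordered least to most severe

def financial_impact(loss_usd: float) -> str:
    """Impact from the 'Financial Ranges' column (exactly $3M / $1M assumed to round up)."""
    if loss_usd > 5_000_000:    # more than $5 million
        return "Critical"
    if loss_usd >= 3_000_000:   # between $3 and $5 million
        return "High"
    if loss_usd >= 1_000_000:   # between $1 and $3 million
        return "Medium"
    return "Low"                # less than $1 million

def user_impact(users_pct: float) -> str:
    """Impact from the 'Users' column (percentage of users affected)."""
    if users_pct > 75:          # 76%-100%
        return "Critical"
    if users_pct > 50:          # 51%-75%
        return "High"
    if users_pct >= 25:         # 25%-50%
        return "Medium"
    return "Low"                # 0-24%

# Urgency from the 'Core Business Operations' slide; the keys are constructed labels.
URGENCY = {
    "core_function_or_critical_data": "Critical",
    "non_core_activity": "High",
    "work_harder_but_possible": "Medium",
    "non_business_use": "Low",
}
# (action within, resolution within) from the 'Response and Resolution Time' slide.
TIMEFRAME = {
    "Critical": (timedelta(hours=1), timedelta(days=1)),
    "High": (timedelta(hours=2), timedelta(days=2)),
    "Medium": (timedelta(days=1), timedelta(days=5)),
    "Low": (timedelta(days=2), timedelta(days=7)),
}

def worst(*levels: str) -> str:
    return max(levels, key=LEVELS.index)  # most severe of the given levels

def classify(loss_usd: float, users_pct: float, operations: str, reported_at=None) -> dict:
    """Rate impact and urgency, derive priority, and compute the deadlines it implies."""
    reported_at = reported_at or datetime.now()
    impact = worst(financial_impact(loss_usd), user_impact(users_pct))  # worse of the two columns
    urgency = URGENCY[operations]
    priority = worst(impact, urgency)  # assumption: matrix cell is the higher of the two
    action, resolution = TIMEFRAME[priority]
    return {"impact": impact, "urgency": urgency, "priority": priority,
            "action_within": action, "resolve_within": resolution,
            "action_by": reported_at + action, "resolve_by": reported_at + resolution}
```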
INCIDENT RESPONSE WORKFLOW
INCIDENT RESPONSE LIFECYCLE: DETECTION/ANALYSIS
Detection / Analysis Checklist:
INCIDENT RESPONSE LIFECYCLE: CONTAINMENT
• Sandbox method: Threat quarantined, assessed and monitored
• Freeze assets threatened
• Suspend network services
• Protect the chain of custody
INCIDENT RESPONSE LIFECYCLE: ERADICATION/RECOVERY
Checklist:
• What information is recoverable
• What information is permanently lost
• Timeline of recovery
Restore systems:
• Change passwords
• Tighten network
• Replace compromised files
• Install patches
INCIDENT RESPONSE LIFECYCLE: ERADICATION/RECOVERY
Eradication/Recovery Checklist:
INCIDENT RESPONSE LIFECYCLE: POST-INCIDENT
Perpetual loop of improvement:
• Improve technology
• Follow up report
• Lessons learned meeting
• Trend analysis team
• Communicate incidents to affected users
Post-Incident Checklist
IDENTIFYING POTENTIAL VENDORS
Vendor Checklist
IDENTIFYING POTENTIAL VENDORS
IDENTIFYING POTENTIAL VENDORS
Major Solutions Offered:
• Ticketing system
• Compliance of Security Incident Response Cycle
• Risk assessment
• Auditing
• Employee training
• Single user sign on
• Workflow
• Matrix
• Automatic response system
• Advanced layered security
• Risk management
• Compliance
SECURITY MANAGEMENT PROGRAM: ROADMAP
• Step I: 0-3 Months, Preparation
• Step II: 3-6 Months, Implementation
• Step III: 6-18 Months, Finalization
PHASE ONE: 0-3 MONTHS
• Research of regulation and standards
• Finalize business function requirements
• Implement response teams: red, black, gray, and white
• Perform vendor selection
• Effective escalation process (via use of teams)
• Manual management for short term security incident response program
PHASE TWO: 3-6 MONTHS
• Implement the selected vendor tools
• Implement the workflow
• Implement the tool for manual
• Define and document incident response plans
• Implement incident management and ticketing system
• Continuous management of any security incident
PHASE THREE: 6-18 MONTHS
• Perform security response testing/training
• Initiate a communication plan for security incident management program for internal/external stakeholders
• Meets legal and regulatory standards
• Employee education and training
• Customer awareness
• Vendor training: Roles and responsibilities
• Trend analysis capability
MEASURE OF SUCCESS
• How fast was incident contained?
• How quickly did Albany Bank Corporation recover from the incident?
• How well did Albany Bank Corporation mitigate their losses?
• How effective was Albany Bank Corporation’s communication of incident?
NEXT STEP RECOMMENDATIONS
• Initiate Incident Response Program
• Quarterly assessment of risks
• Annual testing of response teams and procedures
We guarantee to help “Chase Risk Away”