brian-honan
ICS Data Protection Conference 2010
Data Breach!! What Next?
2nd Annual ICS Data Protection Conference
Infosec Professional Certainties
Typical IT Security
But …
Controls Will be Bypassed
Traditional Incident Response
Ad hoc & Unplanned
Deal with it as it happens
Prolonged Recovery Times
Damage to Company
Lack of Metrics
Legal Issues
Bad Guys/Gals Getting Away
IT Manager In Line Of Fire
Why Improve Incident Response?
Fail to Prepare – Prepare to Fail
Why Improve Incident Response?
So Far in 2010
Increasing Number of Irish Incidents
WWW.IRISS.IE
• Membership is Free
Establish Team
Information Security
Operations
Human Resources
Legal
Public Relations
Facilities Management
Set up Alerting Mechanisms
Identify Tools
Standard Operating Procedures
Agree Authority of IRT
Establish External Relationships
Practice Makes Perfect
Response Process
Don’t
Do Nothing!!
Contain the Incident
Eradicate the Root Cause
Recover Systems
Monitor
Communicate Regularly
Disclosure?
More information
• CSIRT Handbook
http://www.cert.org/archive/pdf/csirt-handbook.pdf
• Forming an Incident Response Team
http://www.auscert.org.au/render.html?it=2252
• Incident Response White Paper – BH Consulting
http://www.bhconsulting.ie/Incident%20Response%20White%20Paper.pdf
• RFC 2350: Expectations for Computer Security Incident Response
http://www.rfc-archive.org/getrfc.php?rfc=2350
• Organisational Models for Computer Security Incident Response Teams
http://www.cert.org/archive/pdf/03hb001.pdf
• The SANS Institute’s Reading Room
http://www.sans.org/reading_room
More Resources
• Guidelines for Evidence Collection and Archiving (RFC 3227)
http://www.ietf.org/rfc/rfc3227.txt
• Resources for Computer Security Incident Response Teams (CSIRTs)
http://www.cert.org/csirts/resources.html
• RFC 2196: Site Security Handbook
http://www.faqs.org/rfcs/rfc2196.html
• ENISA Step by Step Guide for setting up CERTS
http://enisa.europa.eu/doc/pdf/deliverables/enisa_csirt_setting_up_guide.pdf
• CSIRT Case Classification (Example for enterprise CSIRT)
http://www.first.org/resources/guides/csirt_case_classification.html
Questions?
www.twitter.com/brianhonan
www.bhconsulting.ie/securitywatch
Tel: +353-1-4404065
Thank you