OC RIMS Cyber Safety & Security Incident Response.
Transcript of OC RIMS Cyber Safety & Security Incident Response.
OC RIMS
Cyber Safety & Security Incident Response
Types of Cyber Events
- Intrusion (external/internal)
- Hackers Targeting Asset/Account Managers
- Sexual Harassment
- Termination
- Workmen's Comp Claims
- Theft of IP
Civil vs. Criminal
- Theft of Personal Data
- Theft of IP
- Stalking
- Cyber Impersonation
- Hacking
- Wire Tapping
- Child Pornography
Look Familiar?
Preservation
Preserve Digital Evidence
• The most important thing to remember is to protect and preserve the evidence no matter what the final outcome!
• If you choose not to preserve the evidence now it may be altered or destroyed when you need it!
What is Imaging?
o Write blocked/protected
o Bit-by-bit copy of the device
o Verified
o Proven and court accepted methodology
o Different than Ghost or other file copying!!
Forensics
What can it do for you?
Clear and concise explanation of:
• Forensic copy of original evidence
• Methodology used for examination
• Whether or not the date/time stamps are a reliable indicator
• What is slack and unallocated space
• How is data stored and recovered
Deleting
- Recycle Bin Artifacts
- File systems
- Recoverable
Anti-Forensics
Wiping
Monitoring
o Third party
o Offsite, appliance or application
o Local
Encryption
o Transmission (SSH)
o User and Master Keys
o Securing Your Keys
o Whole Disk, Volume or File Level
Prevention
#1 hacking tool = social engineering
o Operating System Permissions
o Logging of Data Access & Transfers (system wide/centralized/long term)
o Monitoring
o Restrict Web Browsing (browser)
o Removable Media
o Vulnerability Testing
Secure Wireless
- SSID
- WEP/WAP
- MAC Address
- Wired
- Air Card
Wireless
The “Cloud”
Dangers and Risk
- Uncontrolled Access by Users
- Unsecured Access
- Internet Dependent
Cloud
Tools and Tips
- Google/MSN Admin Controls
- Secure Computer/Connection
- Password Rules
- Backup
- Two-Factor Authentication