Recovering from a Cyber-Attack

© Copyright, Risk Masters, Inc. 2013. All rights reserved.

Why you need to prepare
What you need to do

Cyber-Recovery: Executive Summary

The Problem
• Cyber-Attacks are a continuous threat – some might succeed
• How will you operate and recover following a successful attack?

The Risks
• Meeting obligations to your clients, suppliers and staff
• Financial and property losses
• Reputational losses
• Regulatory compliance

The Strategy
• Increase the Cyber-Resilience of your Infrastructure
• Have a Cyber-Recovery Plan in addition to BCP/DR plans

Being Prepared
• Organize
• Plan
• Transform
• Validate

RMI Risk Masters, Inc.

The Problem

The Cyber-Recovery Problem

Cyberattacks are a continuous threat, and some may succeed
• How will you operate securely and recover quickly following a successful attack?
• How will you mitigate the legal, regulatory, financial and operational risks of a successful attack?

Every Day You Are Under Attack

Your Defenses are Ready… But How Secure Are You?

Some Attacks Succeed…

A Breach Leads to Many Risks

• Can you meet obligations to your clients, suppliers and staff?
• What would the financial and property losses be?
• And what about reputational losses?

The Risks

When an Attack Breaches Your Defenses…

• Are you prepared to operate and recover?
• Does your BCP/DR plan address Cyber-Recovery?
• Will your insurance cover you?
• Can you protect the privacy of your staff and clients?
• Can you meet your obligations to your clients?

A Breach Puts Privacy at Risk

Can you protect the privacy of your staff and your clients?

• You have legal and contractual requirements to protect the privacy and confidential information of your staff and clients.
  – Your business reputation may be compromised by the exposure of such information
• When you cannot trust your computer systems, how can you assure privacy and confidentiality?

A Breach Puts Delivery at Risk

Can you meet your obligations to your staff and clients?

• You have products and services to deliver every day – and your staff and clients depend on these.
• When you cannot trust your computer systems, how can you be sure that you can meet your commitments?
  – What will be your liability for failing to do so?

A Breach Creates Financial Risk

Will your insurance cover you?
• Costs may be high
• Insurance may not cover
• Insurance is complex

Sony is still awaiting the final tally for losses related to its data breaches earlier this year. At last count, it had 100 million compromised customer accounts, and Sony anticipated the debacle would cost $200 million. With 58 class-action suits in the works, that may be wishful thinking.
But what about Sony’s insurance coverage? Sony’s insurer said the company did not have a cyber insurance policy. It said Sony’s policy only covered tangible losses like property damage, not cyber incidents.

Cyber Insurance—Mitigating Loss from Cyber Attacks
Perspectives on Insurance Recovery Newsletter - 2012
The market is rapidly growing for insurance that is specifically meant to cover losses arising out of cyber attacks and other privacy and data security breaches. These policies are marketed under names like "cyber-liability insurance," "privacy breach insurance" and "network security insurance."

A Breach Needs to be Reversed

Does your BCP/DR plan address Cyber-Recovery?

• A Cyber-Attack compromises your trust in your computer systems
  – But BCP/DR recovers from loss of use of facilities, infrastructure, technology and physical resources
  – Can you trust that your BCP/DR resources will be unexposed or survive a cyber attack?

The Strategy

A Strategy for Cyber-Recovery

• How can you increase the Cyber-Resilience of your infrastructure?
• Do you have a Cyber-Recovery Plan in addition to or as part of your BCP/DR plans?

Are You Prepared to Respond?

• Is your infrastructure Cyber-Resilient?
  – Is the effect of an attack contained by architectural features and operational procedures that limit damage, or does the attack run freely?
• Is your BCP/DR plan Cyber-Resilient?
  – Will critical systems and communications that you are relying on fail due to an attack?
  – Do support agreements (e.g.: hosting, insurance) cover cyber-recovery?
• Does your BCP/DR address cyber-attacks?
  – Are your policies and procedures aligned with assurances of safety, or are you backing up the attacker, only to restore it during your recovery?

Cyber-Resilience: Mitigating a Breach

• Traditional cyber-defense is built as a “fortress perimeter”
  – Networks were not designed to be cyber-resilient
  – Cyber-defenses (e.g.: barriers, detection) were added to existing networks
• Fortress defenses are limited
  – They do not readily keep up with attackers
  – They encumber users (access controls, BYOD limits)
• Networks can be designed with cyber-resilience

Components of Cyber-Resilience

• Segmentation: Distinct and critical services that need to be secured are isolated in multiple secure zones with air-gaps and sterile zones
• Hardening: Applications and infrastructure are Internet-hardened
• Dispersal: Public facing services and non-proprietary content may be hosted in public clouds, while sensitive content may be secured in distinct protected zones and content accessed only through secure transactions.
• Synchronization: Operational activities (e.g.: releases, imaging, builds, backup, versioning, retention) are synchronized with integrity validation processes (quarantine, virus scanning/cleansing, etc…)

Segmentation - Example

Implementing a network as separate and distinct networks that are secured from each other provides organic resilience

Being Prepared

Being Prepared for Cyber-Recovery

Your checklist for Cyber-Recovery
• Organize
• Plan
• Transform
• Validate

Planning for Cyber-Recovery
(cycle diagram: Organize, Plan, Transform, Validate)

Planning for Cyber-Recovery
Organize

Develop an organizational structure to lead recovery activities before and after an attack

Planning for Cyber-Recovery
Plan

• Assess current state of readiness
  – Review prevention and recovery plans
  – Evaluate operational integrity
  – Test readiness and effectiveness
• Design cyber-resilience into your infrastructure and operating model
  – Bulkheads, compartments, isolation
  – Align operating cycles (e.g.: backup) with processing that establishes trust in your infrastructure
• Develop a recovery plan

Planning for Cyber-Recovery
Transform

• Implement the changes necessary to achieve
  – Cyber-resilience
  – Cyber-recoverability

Planning for Cyber-Recovery
Validate

• Test your plan
  – Randomly test components throughout the year
  – Periodically test large-scale integrated components, and the whole system
• During your tests...
  – Recognize that systems are under attack
  – Contain the damage, prevent its spread, remove the agents
  – Restore trusted software and data from a trusted image.
  – Manage the consequences, minimize its impact, communicate effectively

A Recovery - Example

Response Activities to Hacker Attack

[Diagram labels: Corporate IT Data Center (HQ); To Plant IT Network; Firewall (shown twice); System/Application Servers; Storage; Undetected Latent Threat; Corporate IT “Gold Network”; Symantec Bare Metal Restore Server; EMC VNX (image storage); Day “0” Trusted Backup; Virus/Trojan Signature from Vendor. The slide marks the diagram and the activities with the numbers 1 to 6.]

• Corporate IT has established an isolated network in HQ that will resist external intrusion and perform daily chronological image backups for critical system and application servers.
• Virus or Trojan Horse sits in a latent state after being planted by the intruder. This corruption may not manifest itself for days, weeks or even months after infection.
• When corruption has been identified, operators will take action to isolate the problem.
• Client must wait on vendor distribution of a virus signature that will permit inspection of backups for possible infection.
• Once a signature is delivered, Client must run a job to scan image backups chronologically backward in order to identify a “trusted image” from which infected servers can be restored.
• Corporate IT will restore infected server(s) from trusted image backups and resume IT services.

Recovery Time from Trojan Attack

NOTE: This illustration assumes a Trojan attack whose presence remains latent for seven (7) days.

[Timeline chart: Expected Recovery Time (in calendar days), axis from 1 to 14]

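The backward scan over daily image backups described in the recovery example above, sketched in Python as an added illustration that is not part of the original slides. It assumes each image can be modelled as a mapping of file path to contents and that the vendor signature is a plain byte pattern; every name, date and byte string below is hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed marker standing in for a vendor-supplied signature (not a real one).
SIGNATURE = b"CONSTRUCTED-TROJAN-MARKER"


@dataclass(frozen=True)
class BackupImage:
    """One daily image backup (hypothetical model: file path -> contents)."""
    taken_on: date
    files: Optional[Dict[str, bytes]]  # None = image could not be read


@dataclass(frozen=True)
class ScanOutcome:
    trusted: Optional[BackupImage]    # newest image that passed the scan
    rejected: List[Tuple[date, str]]  # newer images and why each was rejected
    rollback_days: Optional[int]      # days of changes lost by restoring it


def scan_image(image: BackupImage, signatures: Tuple[bytes, ...]) -> Optional[str]:
    """Return a rejection reason, or None when no signature matches."""
    if image.files is None:
        # An image that cannot be inspected cannot be called trusted.
        return "unreadable, cannot be verified"
    for path, content in sorted(image.files.items()):
        if any(sig in content for sig in signatures):
            return f"signature match in {path}"
    return None


def find_trusted_image(images: Iterable[BackupImage],
                       signatures: Iterable[bytes],
                       detected_on: date) -> ScanOutcome:
    """Walk the images newest to oldest and stop at the first clean one."""
    sigs = tuple(signatures)
    if not sigs:
        # Mirrors the slide: backups cannot be inspected before a signature exists.
        raise ValueError("no signature available: backups cannot be inspected yet")
    rejected: List[Tuple[date, str]] = []
    for image in sorted(images, key=lambda i: i.taken_on, reverse=True):
        reason = scan_image(image, sigs)
        if reason is None:
            return ScanOutcome(image, rejected, (detected_on - image.taken_on).days)
        rejected.append((image.taken_on, reason))
    # Retention window is shorter than the latency period: nothing to restore from.
    return ScanOutcome(None, rejected, None)


def constructed_backups(detected_on: date, latent_days: int = 7,
                        retention_days: int = 10,
                        unreadable_offsets: Tuple[int, ...] = ()) -> List[BackupImage]:
    """Build sample daily images; offset 0 is the day the corruption was found.

    Assumption: the backup taken on the day of infection already contains the
    implant, so offsets 0..latent_days carry the constructed marker.
    """
    images = []
    for offset in range(retention_days):
        day = detected_on - timedelta(days=offset)
        if offset in unreadable_offsets:
            images.append(BackupImage(day, None))
            continue
        files = {
            "/srv/app/data.db": f"records as of {day}".encode(),
            "/usr/bin/appd": b"\x7fELF application binary",
        }
        if offset <= latent_days:
            files["/usr/bin/appd"] += SIGNATURE
        images.append(BackupImage(day, files))
    return images


if __name__ == "__main__":
    detected = date(2013, 3, 15)  # constructed detection date
    outcome = find_trusted_image(constructed_backups(detected), [SIGNATURE], detected)
    for day, reason in outcome.rejected:
        print(f"{day}  REJECT  {reason}")
    if outcome.trusted is None:
        print("no trusted image inside the retention window")
    else:
        print(f"{outcome.trusted.taken_on}  TRUSTED  rollback of "
              f"{outcome.rollback_days} days")
```

With a seven-day latency the restore point sits eight days back, so backup retention has to be longer than the longest latency period the plan assumes, otherwise the scan returns no trusted image at all.
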

Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home DeliveryPooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
 

Preparing to recover from a cyber attack

  • 1. Recovering from a Cyber-Attack: Why you need to prepare, what you need to do. © Copyright, Risk Masters, Inc. 2013. All rights reserved.
  • 2. Cyber-Recovery: Executive Summary
      • The Problem
          – Cyber-Attacks are a continuous threat – some might succeed
          – How will you operate and recover following a successful attack?
      • The Risks
          – Meeting obligations to your clients, suppliers and staff
          – Financial and property losses
          – Reputational losses
          – Regulatory compliance
      • The Strategy
          – Increase the Cyber-Resilience of your Infrastructure
          – Have a Cyber-Recovery Plan in addition to BCP/DR plans
      • Being Prepared
          – Organize
          – Plan
          – Transform
          – Validate
  • 3. The Problem
  • 4. The Cyber-Recovery Problem: Cyberattacks are a continuous threat, and some may succeed
      • How will you operate securely and recover quickly following a successful attack?
      • How will you mitigate the legal, regulatory, financial and operational risks of a successful attack?
  • 5. Every Day You Are Under Attack
  • 6. Your Defenses are Ready… But How Secure Are You?
  • 7. Some Attacks Succeed…
  • 8. A Breach Leads to Many Risks
      • Can you meet obligations to your clients, suppliers and staff?
      • What would the financial and property losses be?
      • And what about reputational losses?
  • 9. The Risks
  • 10. When an Attack Breaches Your Defenses…
      • Are you prepared to operate and recover?
      • Does your BCP/DR plan address Cyber-Recovery?
      • Will your insurance cover you?
      • Can you protect the privacy of your staff and clients?
      • Can you meet your obligations to your clients?
  • 11. A Breach Puts Privacy at Risk: Can you protect the privacy of your staff and your clients?
      • You have legal and contractual requirements to protect the privacy and confidential information of your staff and clients.
          – Your business reputation may be compromised by the exposure of such information
      • When you cannot trust your computer systems, how can you assure privacy and confidentiality?
  • 12. A Breach Puts Delivery at Risk: Can you meet your obligations to your staff and clients?
      • You have products and services to deliver every day – and your staff and clients depend on these.
      • When you cannot trust your computer systems, how can you be sure that you can meet your commitments?
          – What will be your liability for failing to do so?
  • 13. A Breach Creates Financial Risk: Will your insurance cover you?
      • Costs may be high
      • Insurance may not cover
      • Insurance is complex
      Sony is still awaiting the final tally for losses related to its data breaches earlier this year. At last count, it had 100 million compromised customer accounts, and Sony anticipated the debacle would cost $200 million. With 58 class-action suits in the works, that may be wishful thinking. But what about Sony’s insurance coverage? Sony’s insurer said the company did not have a cyber insurance policy. It said Sony’s policy only covered tangible losses like property damage, not cyber incidents.
      Cyber Insurance—Mitigating Loss from Cyber Attacks, Perspectives on Insurance Recovery Newsletter - 2012
      The market is rapidly growing for insurance that is specifically meant to cover losses arising out of cyber attacks and other privacy and data security breaches. These policies are marketed under names like "cyber-liability insurance," "privacy breach insurance" and "network security insurance."
  • 14. A Breach Needs to be Reversed: Does your BCP/DR plan address Cyber-Recovery?
      • A Cyber-Attack compromises your trust in your computer systems
          – But BCP/DR recovers from loss of use of facilities, infrastructure, technology and physical resources
          – Can you trust that your BCP/DR resources will be unexposed or survive a cyber attack?
  • 15. The Strategy
  • 16. A Strategy for Cyber-Recovery
      • How can you increase the Cyber-Resilience of your infrastructure?
      • Do you have a Cyber-Recovery Plan in addition to or as part of your BCP/DR plans?
  • 17. Are You Prepared to Respond?
      • Is your infrastructure Cyber-Resilient?
          – Is the effect of an attack contained by architectural features and operational procedures that limit damage, or does the attack run freely?
      • Is your BCP/DR plan Cyber-Resilient?
          – Will critical systems and communications that you are relying on fail due to an attack?
          – Do support agreements (e.g., hosting, insurance) cover cyber-recovery?
      • Does your BCP/DR address cyber-attacks?
          – Are your policies and procedures aligned with assurances of safety, or are you backing up the attacker to restore it during your recovery?
  • 18. Cyber-Resilience: Mitigating a Breach
      • Traditional cyber-defense is built as a “fortress perimeter”
          – Networks were not designed to be cyber-resilient
          – Cyber-defenses (e.g., barriers, detection) were added to existing networks
      • Fortress defenses are limited
          – They do not readily keep up with attackers
          – They encumber users (access controls, BYOD limits)
      • Networks can be designed with cyber-resilience
  • 19. Components of Cyber-Resilience
      • Segmentation: Distinct and critical services that need to be secured are isolated in multiple secure zones with air-gaps and sterile zones
      • Hardening: Applications and infrastructure are Internet-hardened
      • Dispersal: Public-facing services and non-proprietary content may be hosted in public clouds, while sensitive content may be secured in distinct protected zones and accessed only through secure transactions
      • Synchronization: Operational activities (e.g., releases, imaging, builds, backup, versioning, retention) are synchronized with integrity validation processes (quarantine, virus scanning/cleansing, etc.)
  • 20. Segmentation - Example: Implementing a network as separate and distinct networks that are secured from each other provides organic resilience
  • 21. Being Prepared
  • 22. Being Prepared for Cyber-Recovery: Your checklist for Cyber-Recovery
      • Organize
      • Plan
      • Transform
      • Validate
  • 23. Planning for Cyber-Recovery (cycle diagram): Organize, Plan, Transform, Validate
  • 24. Planning for Cyber-Recovery: Organize
      • Develop an organizational structure to lead recovery activities before and after an attack
  • 25. Planning for Cyber-Recovery: Plan
      • Assess current state of readiness
          – Review prevention and recovery plans
          – Evaluate operational integrity
          – Test readiness and effectiveness
      • Design cyber-resilience into your infrastructure and operating model
          – Bulkheads, compartments, isolation
          – Align operating cycles (e.g., backup) with processing that establishes trust in your infrastructure
      • Develop a recovery plan
  • 26. Planning for Cyber-Recovery: Transform
      • Implement the changes necessary to achieve
          – Cyber-resilience
          – Cyber-recoverability
  • 27. Planning for Cyber-Recovery: Validate
      • Test your plan
          – Randomly test components throughout the year
          – Periodically test large-scale integrated components, and the whole system
      • During your tests...
          – Recognize that systems are under attack
          – Contain the damage, prevent its spread, remove the agents
          – Restore trusted software and data from a trusted image
          – Manage the consequences, minimize its impact, communicate effectively
  • 28. A Recovery - Example
      • Diagram labels: Corporate IT Data Center (HQ); Corporate IT “Gold Network”; To Plant IT Network; Firewall; System/Application Servers; Storage; EMC VNX (image storage); Symantec Bare Metal Restore Server; Virus/Trojan Signature from Vendor
      • Response Activities to Hacker Attack (steps 1 to 6 on the diagram)
          – Corporate IT has established an isolated network in HQ that will resist external intrusion and perform daily chronological image backups for critical system and application servers.
          – Virus or Trojan Horse sits in a latent state after being planted by the intruder. This corruption may not manifest itself for days, weeks or even months after infection.
          – When corruption has been identified, operators will take action to isolate the problem.
          – Client must wait on vendor distribution of a virus signature that will permit inspection of backups for possible infection.
          – Once a signature is delivered, Client must run a job to scan image backups chronologically backward in order to identify a “trusted image” from which infected servers can be restored.
          – Corporate IT will restore infected server(s) from trusted image backups and resume IT services.
      • Recovery Time from Trojan Attack (timeline): Day “0” Trusted Backup; Undetected Latent Threat; Expected Recovery Time (in calendar days), axis 1 to 14
      • NOTE: This illustration assumes a Trojan attack whose presence remains latent for seven (7) days.
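
The backward scan for a “trusted image” on slide 28, as an added example that is not part of the original deck or any Risk Masters tooling. It goes one step beyond the slide by trusting only an image older than every signature hit, and it reports when retention is shorter than the latency period; `ImageBackup`, the SHA-256 signature format and all sample data are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta

TROJAN = b"constructed-sample-trojan-payload"    # constructed bytes, not real malware
SIGNATURES = {hashlib.sha256(TROJAN).hexdigest()}  # stands in for the vendor signature

@dataclass
class ImageBackup:                 # hypothetical model of one daily image backup
    taken: date
    files: dict                    # path -> file content (bytes)

def infected(image, signatures):
    """True if any file in the image matches a signature (SHA-256 here)."""
    return any(hashlib.sha256(blob).hexdigest() in signatures
               for blob in image.files.values())

def find_trusted_image(backups, signatures):
    """Scan newest to oldest; return the newest image older than every hit.
    Returns None when even the oldest retained image is infected, i.e.
    retention is shorter than the time the threat stayed latent."""
    candidate = None
    for image in sorted(backups, key=lambda b: b.taken, reverse=True):
        if infected(image, signatures):
            candidate = None       # anything newer than a hit is untrusted
        elif candidate is None:
            candidate = image      # newest clean image since the last hit
    return candidate

def sample_backups(days=10, planted_on=3, gap=6):
    """Constructed data: Trojan planted on day index 3, absent once (index 6)."""
    start, out = date(2013, 1, 1), []
    for i in range(days):
        files = {"/bin/app": b"app-v1", "/etc/app.conf": b"port=8080\n"}
        if i >= planted_on and i != gap:
            files["/usr/lib/helper.so"] = TROJAN
        out.append(ImageBackup(start + timedelta(days=i), files))
    return out

def recovery_point(backups, signatures, detected_on):
    """Return (date of trusted image, days of changes to replay) or (None, None)."""
    image = find_trusted_image(backups, signatures)
    if image is None:
        return None, None
    return image.taken, (detected_on - image.taken).days

if __name__ == "__main__":
    print(recovery_point(sample_backups(), SIGNATURES, date(2013, 1, 10)))
```

The clean-looking image at index 6 is skipped because an older image still carries the signature, so the restore point is the last image taken before the Trojan was planted.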