Incident Response
Things I Wish I Had Known The First Time

Who Is Set Solutions, Inc.?
‣ 20+ years in IT Security
‣ Full range of compliance, security and network services
‣ Relentless research
‣ Vendor agnostic
‣ We help safeguard several of the largest companies in the world
‣ Very happy customers!

Who Am I?
‣ Not this guy…
‣ Senior Engineer with Set Solutions, Inc.
‣ 18 years in IT Security, IT, and IT Audit
‣ Security experience in University, Healthcare, Aerospace/Defense/Industrial industries…

What Is This About?
‣ Things I wish I knew before this happened

What Are Your Goals?
‣ Clean up as quickly as possible and move on.

What Are Your Goals?
‣ Identify…
  • TTPs
  • Systems affected
  • What controls failed?
‣ Minimize loss of data or other damages
‣ Remove the threat
‣ Secure the environment
‣ Get back to normal operations
‣ LEARN FROM EXPERIENCE!

You Need A Plan

Example IR Plan
‣ Overview / IR Policy
‣ Roles and Responsibilities / Incident Response Team(s)
‣ Incidents Requiring Action
‣ Procedures for Response Steps:
  • Identification
  • Containment
  • Eradication
  • Recovery
‣ Call List / Communications
‣ Current Network Infrastructure Documentation
‣ Existing Security Controls Documentation/Procedures
‣ Retainer for experts
‣ SLAs with existing partners, vendors, etc.
‣ Training and Awareness
‣ Lessons Learned

IR Team Skills
‣ Technical
‣ Non-Technical

IR Team Members
‣ IR Team:
  • IT Security
  • IT - Networking, Server, Apps, AD, Desktop
  • Consultant(s)
  • Project Management
‣ Need an Executive Sponsor!

Other Groups to Keep in the Loop
‣ Other IT - HelpDesk, Desktop Support, Business Apps, Web Development
‣ 3rd Party IT Providers
‣ Compliance/Privacy
‣ Audit
‣ Legal
‣ HR
‣ Corporate Communications

What Are Your Current Capabilities?
‣ What skills and tools do you have?
‣ What is your visibility? At perimeter and internal…
‣ Where are your privileged accounts? Do you know?
‣ Know what and where your gaps are…

Incident Response Timeline
[Timeline figure] Incident (“Emotional Event”) → Detected (or informed of) → Remediation Begins → Remediation Ends → Incident Response Ends
[Timeline figure] Phases: Pre-Remediation, Remediation, Post-Remediation

Incident Detected / “Emotional Event”

Pre-Remediation / Posturing Phase
‣ Fire up the IR Team and Processes
‣ Ramp up detection / monitoring / logging
‣ Control Lateral Movement
‣ Change Management
‣ SLAs / 3rd Party IT Providers

Remediation Phase
‣ Point in time when an organization has…
  • Identified the threats in their environment including relevant malicious domain names, IP addresses, and URLs
  • Compromised systems have been identified
  • Pre-remediation controls have been implemented
‣ Organization feels they are ready to remove the current threats
‣ Usually a weekend or after-hours event

Post-Remediation Phase
‣ Ensure malicious activity is not ongoing
‣ Make sure weaknesses have been mitigated
‣ Short-term and Long-term additional posturing…

Incident Response Ends
‣ Learn from it!
‣ What worked…what did not work?
‣ People, Processes, Tools…
‣ Vendors, Business Partners…
‣ Give kudos to members…


Luncheon 2016-07-16 - Topic 1 - Incident Response Things I wish I Had Known the First Time by Cory Williams

Addressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider ThreatsAddressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider ThreatsForcepoint LLC
 
Cybersecurity and the regulator, what you need to know
Cybersecurity and the regulator, what you need to knowCybersecurity and the regulator, what you need to know
Cybersecurity and the regulator, what you need to knowCordium
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayEnergySec
 
Practical Cybersecurity Compliance for Small Business Contractors
Practical Cybersecurity Compliance for Small Business ContractorsPractical Cybersecurity Compliance for Small Business Contractors
Practical Cybersecurity Compliance for Small Business ContractorsRobert E Jones
 
Considerations in Verification of Safety Design for Complex Systems
Considerations in Verification of Safety Design for Complex SystemsConsiderations in Verification of Safety Design for Complex Systems
Considerations in Verification of Safety Design for Complex SystemsOak Systems
 
Cybersecurity Crisis Management Introduction
Cybersecurity Crisis Management IntroductionCybersecurity Crisis Management Introduction
Cybersecurity Crisis Management IntroductionNaor Penso
 
Incident Response Fails
Incident Response FailsIncident Response Fails
Incident Response FailsMichael Gough
 
Digital Forensics & Incident Response Fundamentals.pdf
Digital Forensics & Incident Response Fundamentals.pdfDigital Forensics & Incident Response Fundamentals.pdf
Digital Forensics & Incident Response Fundamentals.pdfChristopher Doman
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity CapabilityRod Davis
 
GACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
GACO Webinar: Practical Cybersecurity  Compliance for Small Business ContractorsGACO Webinar: Practical Cybersecurity  Compliance for Small Business Contractors
GACO Webinar: Practical Cybersecurity Compliance for Small Business ContractorsRobert E Jones
 
Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Anton Chuvakin
 
Life of an event - A never ending tool chain
Life of an event - A never ending tool chainLife of an event - A never ending tool chain
Life of an event - A never ending tool chainArnold Van Wijnbergen
 
Life of an event - A never ending tool chain
Life of an event - A never ending tool chainLife of an event - A never ending tool chain
Life of an event - A never ending tool chainDevoteam
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022lior mazor
 
Ingenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceIngenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceSami Benafia
 
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEWFREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEWinfosec train
 
2010 06 gartner avoiding audit fatigue in nine steps 1d
2010 06 gartner   avoiding audit fatigue in nine steps 1d2010 06 gartner   avoiding audit fatigue in nine steps 1d
2010 06 gartner avoiding audit fatigue in nine steps 1dGene Kim
 
[CB20] Keynote2:Practical and Intelligent Incident Response Planning by Russ ...
[CB20] Keynote2:Practical and Intelligent Incident Response Planning by Russ ...[CB20] Keynote2:Practical and Intelligent Incident Response Planning by Russ ...
[CB20] Keynote2:Practical and Intelligent Incident Response Planning by Russ ...CODE BLUE
 

Similaire à Luncheon 2016-07-16 - Topic 1 - Incident Response Things I wish I Had Known the First Time by Cory Williams (20)

Addressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider ThreatsAddressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider Threats
 
Cybersecurity and the regulator, what you need to know
Cybersecurity and the regulator, what you need to knowCybersecurity and the regulator, what you need to know
Cybersecurity and the regulator, what you need to know
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator Display
 
Practical Cybersecurity Compliance for Small Business Contractors
Luncheon 2016-07-16 - Topic 1 - Incident Response Things I wish I Had Known the First Time by Cory Williams

  • 2. Incident Response: Things I Wish I Had Known The First Time
  • 3. Who Is Set Solutions, Inc.? ‣ 20+ years in IT Security ‣ Full range of compliance, security and network services ‣ Relentless research ‣ Vendor agnostic ‣ We help safeguard several of the largest companies in the world ‣ Very happy customers!
  • 4. Who Am I? ‣ Not this guy… ‣ Senior Engineer with Set Solutions, Inc. ‣ 18 years in IT Security, IT, and IT Audit ‣ Security experience in University, Healthcare, Aerospace/Defense/Industrial industries…
  • 5. What Is This About? ‣ Things I wish I knew before this happened
  • 6. What Are Your Goals? ‣ Clean up as quickly as possible and move on.
  • 7. What Are Your Goals? ‣ Identify… • TTP’s • Systems affected • What controls failed? ‣ Minimize loss of data or other damages ‣ Remove the threat ‣ Secure the environment ‣ Get back to normal operations ‣ LEARN FROM EXPERIENCE!
  • 8. You Need A Plan
  • 9. Example IR Plan ‣ Overview / IR Policy ‣ Roles and Responsibilities / Incident Response Team(s) ‣ Incidents Requiring Action ‣ Procedures for Response Steps: • Identification • Containment • Eradication • Recovery ‣ Call List / Communications ‣ Current Network Infrastructure Documentation ‣ Existing Security Controls Documentation/Procedures ‣ Retainer for experts ‣ SLAs with existing partners, vendors, etc. ‣ Training and Awareness ‣ Lessons Learned
  • 10. IR Team Skills ‣ Technical ‣ Non-Technical
  • 11. IR Team Members ‣ IR Team: • IT Security • IT - Networking, Server, Apps, AD, Desktop • Consultant(s) • Project Management ‣ Need an Executive Sponsor!
  • 12. Other Groups to Keep in the Loop ‣ Other IT - HelpDesk, Desktop Support, Business Apps, Web Development ‣ 3rd Party IT Providers ‣ Compliance/Privacy ‣ Audit ‣ Legal ‣ HR ‣ Corporate Communications
  • 13. What Are Your Current Capabilities? ‣ What skills and tools do you have? ‣ What is your visibility? At perimeter and internal… ‣ Where are your privileged accounts? Do you know? ‣ Know what and where your gaps are…
  • 14. Incident Response Timeline. Milestones: Incident (“Emotional Event”); Detected (or informed of); Remediation Begins; Remediation Ends; Incident Response Ends. Phases: Pre-Remediation; Remediation; Post-Remediation
  • 15. Incident Detected / “Emotional Event”
  • 16. Pre-Remediation / Posturing Phase ‣ Fire up the IR Team and Processes ‣ Ramp up detection / monitoring / logging ‣ Control Lateral Movement ‣ Change Management ‣ SLAs / 3rd Party IT Providers
  • 17. Remediation Phase ‣ Point in time when an organization has… • Identified the threats in their environment including relevant malicious domain names, IP addresses, and URLs • Compromised systems have been identified • Pre-remediation controls have been implemented ‣ Organization feels they are ready to remove the current threats ‣ Usually a weekend or after-hours event
  • 18. Post-Remediation Phase ‣ Ensure malicious activity is not ongoing ‣ Make sure weaknesses have been mitigated ‣ Short-term and Long-term additional posturing…
  • 19. Incident Response Ends ‣ Learn from it! ‣ What worked…what did not work? ‣ People, Processes, Tools… ‣ Vendors, Business Partners… ‣ Give kudos to members…
  • 20.