deeper security, broader privacy - how firms use the latest co3 features to automate incident...
Post on 18-Nov-2014
Deeper Security, Broader Privacy
How firms use the latest Co3 features to automate incident response
Page 2
Agenda
• Introductions
• Security module updates
• Privacy module updates
Page 3
Introductions: Today’s Speakers
• Ted Julian, Chief Marketing Officer
• Gant Redmon, Esq. CIPP/US, General Counsel, Co3 Systems
• Allen Rogers, VP Engineering
Page 4
IR opportunities / challenges
• Dramatically improve response times
• “Socialize” IR workflow and collaboration
• Ensure privacy breach compliance in a fraction of the time
• Document best practices / IR procedure with a click
• Establish buy-in with compelling reports / dashboards
• Do more and do it better, with the team you already have
• Replace static binder with actionable, repeatable platform
“If you are going to invest in one thing, it should be incident response”
GARTNER – JUNE 2013 [1]
“You can’t afford ineffective incident response”
FORRESTER RESEARCH – APRIL 2013 [2]
1 Gartner Security Summit, Keynote Address - June 2013
2 “Seven Habits of Highly Effective Incident Response Teams” - April 2013
Page 5
The complete process – based on E.R. standards
PREPARE
Improve Organizational Readiness
• Appoint team members
• Fine-tune response SOPs
• Escalate from existing systems
• Run simulations (firedrills / tabletops)
MITIGATE
Document Results & Improve Performance
• Generate reports for management, auditors, and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
ASSESS
Identify and Evaluate Incidents
• Assign appropriate team members
• Evaluate precursors and indicators
• Correlate threat intelligence
• Track incidents, maintain logbook
• Prioritize activities based on criticality
• Generate assessment summaries
MANAGE
Contain, Eradicate, and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
• Log evidence
Page 6
System overview
(System overview diagram; labels recoverable from the slide: Dashboards and Reporting; SSAE-16 SOC2 certified hosting facility; Trouble Ticketing; SIM; Web Form; Entry Wizard; AutoAnalysis; IR Engine; Threat Intel; Auto-Correlation; IT; Marketing; Legal/Compliance; HR; GRC.)
POLL
Is updating your IR process a current priority?
SECURITY MODULE
New Features
Page 9
What’s New in Co3’s Security Module
• Incident Timeline and Milestones
• Artifacts and Threat Intel integrations
• Related incidents
• Configurable Dashboards
• System task overrides and task reordering
• IP address limiting
Coming Soon
• Configurable Reports
• Chart Drill-downs
DEMO
Page 11
Coming Soon: Custom Reports
Page 12
Coming Soon: Chart Drill-Down
POLL
What aspect(s) of your IR process do you struggle with?
PRIVACY MODULE
New Features
Page 15
What’s New in Co3’s Privacy Module
• EU Jurisdictions
• PII in the EU
Coming Soon
• Asia-Pacific
Page 16
Jurisdiction: US & Canadian
• US
  • Federal (industry based) – HIPAA and GLB
  • State (residency based) – “doing business in”
• Canada
  • PIPEDA – national (though no notification obligation)
  • Provincial – (residency based)
Page 17
Jurisdiction: EU
• The EU generally looks at where the controller of information is based and where the information is being processed.
• Location based rather than industry or residency based
• Comprehensive Notification: If you are a UK company processing personal information in the UK and you lose that info, you then have to notify everyone whose information went out the door. It doesn’t matter where they live.
Page 18
Jurisdiction: EU
• Not all EU countries have adopted the EU Privacy Directive (Directive 95/46/EC)
• Austria, Denmark, Germany, Ireland, Norway, Spain, and UK
• Telcos are a different story: Directive 2002/58 on Privacy and Electronic Communications, otherwise known as the E-Privacy Directive, is an EU mandate to notify officials and affected individuals of data breaches affecting personal information.
Page 19
Jurisdiction: EU
Page 20
What is PII in Canada and the EU
• California, USA: personal information is a person’s name plus SSN or driver’s license number, financial number, or medical information.
• Alberta, Canada: personal information is information about an identifiable individual.
• UK: personal information is any information concerning the personal or material circumstances of an identified or identifiable natural person.
Page 21
What is PII in Canada and the EU
Page 22
What is PII in Canada and the EU
Page 23
Coming Soon: Privacy Module Updates
• Asia-Pac Privacy Breach Regulations
QUESTIONS
The information and images contained in this document are of a proprietary and confidential nature. The disclosure, duplication, use in whole, or use in part, of the document for any purposes other than client evaluation without the written permission of Co3 Systems, Inc. is strictly prohibited.
© Co3 Systems Inc. 2013 All Rights Reserved.
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“Co3…defines what software packages for privacy look like.”
GARTNER
“Platform is comprehensive, user friendly, and very well designed.”
PONEMON INSTITUTE
“One of the most important startups in security…”
BUSINESS INSIDER – JANUARY 2013
“One of the hottest products at RSA…”
NETWORK WORLD – FEBRUARY 2013
“an invaluable weapon when responding to security incidents.”
GOVERNMENT COMPUTER NEWS
“Adding the Security Module... to this otherwise fine suite of services, Co3 has done better than a home-run...it has knocked one out of the park.”
SC MAGAZINE