Upload File

cybersecurity from a continuity point of view

  • Home
  • Business
  • Cybersecurity from a continuity point of view
32
Cybersecurity from a continuity point of view Planning and Preparation

Upload: the-business-continuity-institute

Post on 05-Apr-2017

6 views

Category:

Business


0 download

Report

TRANSCRIPT

Page 1: Cybersecurity from a continuity point of view

Cybersecurity from a continuity point of view

Planning and Preparation

Page 2: Cybersecurity from a continuity point of view

Five Pillars

Preparation Detection Response Recovery Review

Page 3: Cybersecurity from a continuity point of view

PreparationPreparation Detection Response Recovery Review

Page 4: Cybersecurity from a continuity point of view

Of Genies, Imps, and Magic Blue Smoke

Page 5: Cybersecurity from a continuity point of view

Blinded by technology• Does the solution have to

be technological?

• Pen and Paper• Sneaker-net• Honesty box

Page 6: Cybersecurity from a continuity point of view

Beware of IT that isn’t IT• HVAC• Facilities Management• Building Access Control• CCTV• Telephony• Machinery CAD/CAM

Page 7: Cybersecurity from a continuity point of view

Preparation

• Understand systems• Understand stakeholders and criticalities• Understand threats vulnerabilities and impacts• Understand countermeasures• Agree response and recovery plans and objectives

Preparation Detection Response Recovery Review

Page 8: Cybersecurity from a continuity point of view

DetectionPreparation Detection Response Recovery Review

Page 9: Cybersecurity from a continuity point of view

Who reads the logs?

Page 10: Cybersecurity from a continuity point of view

Typical Phases of an AttackRecon

• Identify Target (GHDB, Google Advanced Search, Linkedin)• Look for vulnerabilities (Metasploit, Acunetix, Nmap, Builtwith)

Attack Target • Exploit vulnerabilities (GHDB, Kali Linux)• Defeat remaining controls

Achieve Objective• Disruption of Systems• Extraction (e.g. money, IPR or data)• Manipulation (e.g. adding, changing or deleting key data)

Countermeasures

• Monitoring (and logging)• Situational awareness• Collaboration

• Solid architectural design• Standard Controls• Penetration testing

• Cybersecurity Incident Response• Business Continuity Plans• Cybersecurity Insurance

Page 11: Cybersecurity from a continuity point of view

Severity Impact Assessment• What is the business impact?• What are the trigger points?• Who triggers the response plans?

• Consider barriers to triggering• Autopilot• Worried about blame• Worried about loss of control

Page 12: Cybersecurity from a continuity point of view

Whose plan is it anyway?• IT helpdesk BAU• Cyber incident response• Disaster recovery• Business continuity

Page 13: Cybersecurity from a continuity point of view

Detection

• Logging and Monitoring• Log intelligence• Alerting• Triggering the plan

PreparationDetection Response Recovery Review

Page 14: Cybersecurity from a continuity point of view

ResponsePreparation

Detection

Response

Recovery Review

Page 15: Cybersecurity from a continuity point of view

Stop, Look, Listen!• Automatic pre-planned

responses buy you time to gather information• Temptations to avoid• Rushing into solutions before

the problem is defined• Trying to run a serious incident

using BAU processes

Page 16: Cybersecurity from a continuity point of view

Objectives – First Aid• Call for help!• Preserve evidence• Prevent further loss• Promote continuity of service

Page 17: Cybersecurity from a continuity point of view

The Domino Effect

Page 18: Cybersecurity from a continuity point of view

Dependencies• Services that must or will be stopped

• Often for health and safety or regulatory reasons• Pool cannot be used without lifeguard cover• Online banking cannot be used without anti-fraud

systems • Services that can freewheel

• Underlying service is not critical or can catch up later• Information-only websites• Support services such as facilities management, HR.

• Services that must be supported• Switch over to alternate systems

• paper-based recording• backup generators

Page 19: Cybersecurity from a continuity point of view

Virtualisation

Page 20: Cybersecurity from a continuity point of view

Identify StakeholdersExternal

Strategic

Tactical

Operational

Page 21: Cybersecurity from a continuity point of view

Communicate• Server sorry or error pages• Service status websites• Social media• Traditional channels

• Promise updates at reasonable intervals …• … and deliver on those promises!

Page 22: Cybersecurity from a continuity point of view

Regulation and Investigation• Is this a notifiable incident?• Has a crime occurred?

• PCI-DSS• Information Commissioner• Industry Regulators• Police and Crime Agencies• Mandatory Subject Notification

Page 23: Cybersecurity from a continuity point of view

Hallmarks of a good IMP• Brief – put details in the appendices• Available• Tested• Based on business operational units, not IT functions.• Understands dependency• Concentrates on the response, not the nature of the incident• Defines WHO to inform and WHAT information to give• Covers incidents from single service disruption to full black start

Page 24: Cybersecurity from a continuity point of view

Response

• Identify Objectives• Prevent further loss• Preserve evidence• Isolate compromised systems• Communicate with stakeholders

PreparationDetecti

onResponse

Recovery Review

Page 25: Cybersecurity from a continuity point of view

RecoveryPreparation

Detection

Response

Recovery Review

Page 26: Cybersecurity from a continuity point of view

Before You Start• Are remaining

systems/processes stable?• Last known good state

established?• Affected systems isolated

and evidence preserved?

Page 27: Cybersecurity from a continuity point of view

Step by Step• The recovery order is

determined by:• Recovery time objectives• Dependencies• Time required to acquire

hardware• Time required to

recover/rework data

Page 28: Cybersecurity from a continuity point of view

Handing Back• How will data from interim

processes be back-filled?• Will there be a backlog

requiring additional resources?• Will there be additional

demand caused by the outage?

Page 29: Cybersecurity from a continuity point of view

Investigation and Reporting• The incident is not over

when all systems are back up and running

Page 30: Cybersecurity from a continuity point of view

Recovery

• Restore data (backups, manual re-entry)• Restore user services• Investigate incident and report to stakeholders

PreparationDetecti

onRespon

seRecovery Review

Page 31: Cybersecurity from a continuity point of view

Review

• What happened?• How could it be prevented?• What could be done better?• Update plans, controls and processes

PreparationDetecti

onRespon

seRecove

ryReview

Page 32: Cybersecurity from a continuity point of view

Thank youTom Crellin MBCS CITP CBCI

www.tomcrellin.co.uk

http://www.tomcrellin.co.uk/

Point-of-Sale and E-Commerce Cybersecurity for Small Merchants · 2020-02-13 · Point-of-Sale and E-Commerce Cybersecurity for Small Merchants In Collaboration With: @staysafeonline

SecureTech 2014: Risk, Business Continuity and Cybersecurity - A Resiliency Perspective

Equation of Continuity - Union Collegeminerva.union.edu/labrakes/Fluids and Fluid Mechanics.pdfequation of continuity the volume of fluid in at point 1 equals the volume of fluid out

Cybersecurity – A Regional Perspective€¢ Business Continuity Management ... Regulations Governing the Clearinghouse’s Plan of Security ... BNM/RH/GL/ 013-3 – Guidelines on

CyberSecurity, 5 Business Continuitymyresource.phoenix.edu/secure/resource/IT205r13/... · 2014-01-10 · Explain the benefits of business continuity and disaster recovery planning

Continuity at a Point

The 13th Annual Continuity Insights Management Conference... · 3/27/2015 3 1st Step…Pick the ‘Broadest Starting Point’ Business Continuity Management (BCM): • Holistic management

ALWAYS ON | REMOTE ACCESS AND BUSINESS CONTINUITY€¦ · ACCESS AND BUSINESS CONTINUITY NEEDS ... Page 2 ANTIVIRUS APPLICATION CONTROL/ PERFORMANCE CONNECTIVITY END POINT SECURITY

MODULI OF CONTINUITY, ISOPERIMETRIC PROFILES, AND MULTI ...andrews/HSU_Survey141121.pdf · MODULI OF CONTINUITY, ISOPERIMETRIC PROFILES, AND MULTI-POINT ... ranging from my proof

Kaspersky Industrial CyberSecurity: solution overview 2017 · However, for most OT systems, cybersecurity is not about ‘data’ but about the continuity of technological processes

Continuity Lesson 1.1.14. Learning Objectives Given a function, determine if it is continuous at a certain point using the three criteria for continuity

SMART iT Your Trusted CyberSecurity Partner · SMART iT – Your Trusted CyberSecurity Partner Security Frame Work IT Security is a fragmented market, proliferated with many point

SAT Prep. Continuity and One-Sided Limits Determine continuity at a point and an open interval Determine one-sided limits and continuity on a closed interval

Family Continuity Safety Training Power Point (2).pptx ... · elements were developed by Family Continuity Staff and especially its Safety Committee. Specific citations and other

Math - Continuity · 2013. 1. 4. · 6B Continuity 2 Definition: Continuity at a Point Let f be defined on an open interval containing c.We say that f is continuous at c if This indicates

PwC Point of View on Cybersecurity Management

AP Calculus BC Thursday, 03 September 2015 OBJECTIVE TSW (1) determine continuity at a point and continuity on an open interval; (2) determine one- sided

Cybersecurity Threats - NI Business Continuity Forum

LEISHTON ACADEMY 2019 PROGRAMME CALENDAR · Business Continuity, Crisis Management and Cybersecurity Contents •Anti-Money Laundering (AML) and Know Your Customer (KYC) •Board

CHECK POINT INFINITY ARCHITECTURE€¦ · — Doug Cahill, group director and senior cybersecurity analyst at market research firm, Enterprise Strategy Group . CHECK POINT INFINITY

Real-time Cybersecurity and Visibility for Industrial ......2 4 Check Point and Claroty – Real-time Cybersecurity and Visibility for Industrial Control Networks The Claroty solution

WHITEPAPER Backup versus business continuity: plan better ... · When talking about business continuity, we think in terms of Recovery Time Objective (RTO), and Recovery Point Objective

Continuity!!. cab cab cab Definitions Continuity at a point: A function f is continuous at c if the following three conditions are met: Continuity

Frost & Sullivan Cybersecurity Presentation & Sullivan Cybersecurity Presentation ... point of attack for hackers ... ADAS Market Outlook to 2020 – Six Fold Growth

SIZE DOESN’T MATTER IN CYBERSECURITY - Check Point Softwaresc1.checkpoint.com/partner-map/Size_Doesnt_Matter_Cybersecurity.pdf · SIZE DOESN’T MATTER IN CYBERSECURITY | 04. Over

TABLE OF CONTENTS · Real Analysis Test 1 ... Countable sets, Sequences and Series, Point-set topology, Continuity, Uniform Continuity, Differentiability, Uniform Convergence,Riemann

Tipping Point For Cybersecurity - Amazon Web Services · 2018-12-24 · Tipping Point for Cybersecurity nalysis eveals rgency for mpowering SMBs httpsadaptablesecurity.org According

Cybersecurity€¦ · directors, “cybersecurity” can no longer be just a buzz word or a simple talking point. We have heard many board members characterize cybersecurity risks

Student Understanding of Limit and Continuity at a Point

Cybersecurity Policy Making at a Turning Point policy... · 2016-03-29 · CYBERSECURITY POLICY MAKING AT A TURNING POINT: ANALYSING ... In addition to describing this evolution of

Family Continuity Safety Training Power Point (2).pptx ... · Specific citations and other information related to the materi al can be obtained by contacting Family Continuity at

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY … and showcase your skills in critical areas of ... digital forensics and incident documentation. ... The entry point into our cybersecurity

CISA | CYBERSECURITY AND INFRASTRUCTURE ......cyber incident management plans, services continuity plans, COOP, etc., Build a network of trusted relationships with sector partners

Limits and Continuity - Math - The University of Utah › lectures › math2210 › 12PostNotes.pdf · Limits and Continuity Intuitively, means that as the point (x,y) gets very close

Mrs. Upham - Home · Web viewLesson 3: Continuity and One-Sided Limits Definition of Continuity Continuity at a point: A function f is continuous at c if the following three conditions