Richard Long, Senior Advisory Consultant, MHA Consulting / August 11, 2021
Digital Self-Defense & Preparation
Company Background
A simple mission: Ensure the continuous operations of our clients’ critical processes.
A 20-year proven track record of applying industry standards and best practices across a diverse pedigree of clients.
We seek to partner with clients who have a commitment to BCM versus a check-the-box mentality.
SaaS Tools: BIA On-Demand, BCM One, Compliance Confidence, Residual Risk.
Key Facts
20 years in operation.
20 average years industry experience.
Capable: comprehensive suite of services.
Global: diverse, global client base.
SaaS: compliance and risk tools.
Senior Leadership
Michael A. Herrera, CBCP, Chief Executive Officer, Phoenix, Arizona, www.mha-it.com, www.bcmmetrics.com
Richard Long, Practice Leader & Senior Advisory Consultant, Phoenix, Arizona, www.mha-it.com, www.bcmmetrics.com
© 2021 MHA CONSULTING. ALL RIGHTS RESERVED. 2
Unique or Competitive Advantage
Healthcare, Financial Institutions, Services & Technology, Education, Consumer Products, Government/Utility, Insurance, Travel & Entertainment
Robust Suite of Services
Assess Current Environment
• Current State
• Policy & Standards
• Business Impact Analysis
• Threat & Risk Assessment
Continuity Strategies & Solutions
• Business Continuity Strategies & Solutions
• IT Services Continuity Strategies & Solutions
• Supply Chain Continuity Strategies & Solutions
Response & Recovery Plans
• Crisis Management
• Business Recovery
• IT Disaster Recovery
• Supply Chain Recovery
Exercises
• Mock Disaster Exercises
• Plan Functional Walkthroughs
• Alternate Worksite Exercises
• Component, Full and Business Process Failovers
• Coordinated Third Party Exercises
Continuous Improvement
• On-going Training & Awareness Programs
• Post-Exercise Improvement Programs
• Refresh Current State Assessment
• Update BIAs & Threat Assessment
• Third Party Assessments
• Monitor & Measure Resilience Improvement
Cyber Defense
Data/Network Security Preparedness or Cyber Self Defense
Definition
… proactive planning, training, monitoring and implementing defensive tools to oppose and minimize impact to a breach of an organization’s data and processing network. It includes both preventative and reactive planning.
“It’s not if, but when…”
The Session
Prevention
• Employee training & development
• File sharing protocols & limitations
• Spam filters, firewalls & file scanning
• Software & server patching
• Migration from unsupported environments
Preparation
• Security response plan
• Developing manual workarounds
• Backups & data protection
• Testing the recovery process
• Capability to isolate compromised devices
• Capability to shut down the environment
Trends and the Future
Trends Impacting Network/Data Security Planning
• Few organizations are fully protected
• Little to no emphasis on training/exercises
• Belief we are “just as smart” as the threat actors
• Little functional documentation – rely on reaction
• Don’t incorporate external agencies and partners
• People are the biggest risk
• No standardized Incident Management process
The Next Evolution of Protections
• Risk based access
• Zero Trust Model
• Third Party Risk Management
• Biometrics access
• Physical Security Control
• Increased awareness training
• Protections for remote workers
Incident Priorities & Objectives
• Business Restoration
• Asset Preservation
• Incident Stabilization
• Data Protection
Use the Assess, Plan, Implement and Evaluate approach to size up the incident and define a plan of action. A.P.I.E. consists of:
• Assess: What is the current situation?
• Plan: What steps are needed to address the current situation?
• Implement: What resources do we need to assign to execute steps to address the current situation?
• Evaluate: How well did we execute to plan and what needs to be addressed?
Prevention
Employee Training & Development
People are the biggest risk. 90% of breaches are due to human error.
• Security Awareness Training: Good formal programs exist
• Social Engineering Tests: More than just phishing
• Phishing Tests: Use multiple levels to keep people sharp and meet their abilities
• Physical Access Tests: Unknown people accessing locations they should not
Technology
Technology Considerations
• Multi-factor authentication
• Spam filtering
• Updated and robust firewall rules
• Device Management
• File scanning upon downloads
• Encryption
• Strong and changing passwords; ensure service accounts are included
• Biometric
• Log monitoring or SIM (Security Information Management)
• Privileged accounts
• Unsupported environments
• Segregated networking
Governance Considerations
• Cyber Policy: Computer use, Data sharing, Scope, Hierarchical
• Perform a Risk Assessment
• Penetration testing
• Cyber Steering Committee: Cross departmental
• Third-Party Controls & Assessment
• Remote work policies & oversight
• Physical access policies
• Patching policies & oversight
Prevention Thoughts
People
• Insider threats
• Sensitive access
• Repeated simulation failures
• Continual & changing education
3rd Party
• Ensure their readiness
• Risk to your organization
• Technology providers
• Service providers
• Pipeline outage
Assess
• Recent cyber events
• Historical events
• Your industry
• Third-party access
Access
• Zero trust
• Access granted at each stage
• Cultural change
• Physical access to devices
• Plug in flash drive
Preparation
Security Response Plan
What it is not:
• Policy and summary description of what you will do
• Description of roles and responsibilities
• Narrative of the definition of security response, why it is important, etc.
ESTABLISH command. ASSESS the risks. COMMUNICATE to whom and when. EXECUTE your approach to address risks. 3rd Parties who will assist and how.
Security Response Plan
What it is:
Documentation
• Notification/coordination of response team
• Functional checklist/action plan for execution
• Template for communications
• Pre-determined decisions: criteria for whether shutdown will occur; when to contact forensics, insurance, law enforcement
• Third party integration tasks: tasks and needs from service providers; tasks and needs from law enforcement and insurance
Actions
• How will analysis be performed
• How will network or devices be isolated
• Communication tasks: when to contact outside stakeholders; when to contact internal stakeholders
• Insurance and law enforcement integration
• Business department integration: Legal, Finance, Security, PR/Communications
• Incident Response/Command Integration: role, stand up/down
ESTABLISH command. ASSESS the risks. COMMUNICATE to whom and when. EXECUTE your approach to address risks. 3rd Parties who will assist and how.
Manual Workarounds - Considerations
• Document assumptions for those services that remain up
• All areas need to address actions to implement if there is no access to technology on the network
  • Assume 2 weeks or more without technology
  • Identify/develop manual forms
  • Requires creative thought
  • What cloud services will be available/useful?
• Identify activation tasks: those actions taken when notified that the network/applications are going down
• Payroll: don’t assume you can just pay the last pay period; pay for staff furloughed
• Runner needs for on-site staff
• Alternate supply, shipping, manufacturing
• Vendor/3rd party support available
• Protection of downtime devices if part of dependencies
• Implications to manual process when portions of the environments are up
Network/Device Isolation/Segmentation
Appropriate isolation and segmentation will help to protect during an attack and limit impact.
• Perform data analysis that defines micro-segments and different levels of authorization based on user, device and location.
• Define the requirements for segmentation and network authorization levels based on user, device and location.
• Draw up a network architecture that shows the number of segments and the number and type of control points between segments.
• Use network access controls, firewalls and intrusion prevention systems as part of the network segmentation implementation.
• Develop a baseline profile for each user - who they are, what devices they use, where they connect from, and how they authenticate. Monitor user behavior based on that profile.
• Leverage network management tools to analyze network traffic and compare it to defined segments.
• Implement appropriate segmentation for locations and network.
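The baseline-profile step above, as an added example that is not part of the MHA deck: it builds a per-user profile of devices, locations and authentication methods from a constructed login log, then flags later events that fall outside that profile. The log format and every user, host and location name are constructed for illustration.

```python
"""Baseline-profile monitor for the segmentation step above (added example,
not from the MHA deck). Log format is constructed:
one `user,device,location,auth_method,outcome` record per line."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a training window whose successful logins define "normal".
BASELINE_LOG = """\
alice,LAPTOP-A1,phoenix-office,mfa,success
alice,LAPTOP-A1,phoenix-office,mfa,success
alice,PHONE-A2,home-vpn,mfa,success
bob,LAPTOP-B1,phoenix-office,mfa,success
bob,LAPTOP-B1,phoenix-office,password,failure
"""
# Constructed sample: later events scored against the baseline.
NEW_EVENTS_LOG = """\
alice,LAPTOP-A1,phoenix-office,mfa,success
alice,LAPTOP-A1,unknown-country,mfa,success
bob,DESKTOP-ZZ,phoenix-office,password,success
carol,LAPTOP-C1,phoenix-office,mfa,success
"""

@dataclass
class Profile:
    devices: set = field(default_factory=set)
    locations: set = field(default_factory=set)
    auth_methods: set = field(default_factory=set)

def parse(log: str):
    """Yield (user, device, location, auth_method, outcome) per non-empty line."""
    for line in log.splitlines():
        if line.strip():
            yield tuple(line.strip().split(","))

def build_baseline(log: str) -> dict:
    """One Profile per user, built from successful logins only."""
    profiles = defaultdict(Profile)
    for user, device, location, method, outcome in parse(log):
        if outcome != "success":
            continue  # failed attempts must not widen what counts as normal
        profiles[user].devices.add(device)
        profiles[user].locations.add(location)
        profiles[user].auth_methods.add(method)
    return dict(profiles)

def score_events(log: str, profiles: dict) -> list:
    """Return (user, reason) findings for events outside the user's profile."""
    findings = []
    for user, device, location, method, _ in parse(log):
        p = profiles.get(user)
        if p is None:  # unknown identity: no baseline to compare against
            findings.append((user, "no baseline profile"))
            continue
        if device not in p.devices:
            findings.append((user, f"new device {device}"))
        if location not in p.locations:
            findings.append((user, f"new location {location}"))
        if method not in p.auth_methods:
            findings.append((user, f"unusual auth method {method}"))
    return findings
```

In practice the baseline would be rebuilt from real authentication logs on a rolling window, and findings routed to the monitoring described in the next slide rather than printed.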
Shutdown/Recovery
Shutdown Considerations
• Two situations: Quick and Controlled
• Identify a shutdown checklist for both options
  • Ensure dependencies are understood
  • Devices could be manually disconnected from the network as part of the preparation phase if needed/possible
• Document isolation based on network segmentation
• Script shutdown process(es)
• End device images must be part of shutdown
• Cloud access/services
• Determine estimated timeline: don’t overestimate capability; understand reality
Recovery Considerations
• Detailed understanding of RTO/RPO and priority within tiers
• Security assessment/assessment of backups/data protection
• End device rebuild
• Cloud-based authentication: base config for off-line environment
• Prioritization of service/location
• Detailed checklist with dependencies
  • Ensure all appliances, devices, servers are noted
  • Ensure DB/App/services mappings and order are considered: Network -> authentication -> Tier 0 services -> Tier 1+ services
  • What can be done in parallel
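The dependency-ordered recovery checklist above (Network -> authentication -> Tier 0 -> Tier 1+, plus what can be done in parallel) and the per-tier RTO check, as an added example that is not the deck's own material: a small scheduler groups a service map into parallel recovery waves, estimates when each tier is back, and reports whether each tier's RTO is met. Service names, rebuild hours and RTO targets are constructed placeholders.

```python
"""Dependency-ordered recovery waves and per-tier RTO check (added example,
not the deck's own material). Service map, rebuild hours and RTO targets
below are constructed placeholders, not figures from the presentation."""

# Constructed: service -> (tier, estimated rebuild hours, dependencies).
SERVICES = {
    "core-network": (0, 4, []),
    "auth-ad": (0, 6, ["core-network"]),
    "dns": (0, 2, ["core-network"]),
    "db-cluster": (1, 8, ["auth-ad", "dns"]),
    "file-server": (1, 5, ["auth-ad", "dns"]),
    "erp-app": (2, 6, ["db-cluster"]),
    "payroll-app": (2, 3, ["db-cluster", "file-server"]),
}
TIER_RTO_HOURS = {0: 12, 1: 24, 2: 20}  # constructed targets per tier

def recovery_waves(services: dict) -> list:
    """Group services into waves; everything in one wave can be rebuilt in parallel."""
    indegree = {s: len(deps) for s, (_, _, deps) in services.items()}
    dependents = {s: [] for s in services}
    for s, (_, _, deps) in services.items():
        for d in deps:
            dependents[d].append(s)  # KeyError here means an unmapped dependency
    wave = sorted(s for s, n in indegree.items() if n == 0)
    waves, ordered = [], 0
    while wave:
        waves.append(wave)
        ordered += len(wave)
        next_wave = []
        for s in wave:
            for t in dependents[s]:
                indegree[t] -= 1
                if indegree[t] == 0:
                    next_wave.append(t)
        wave = sorted(next_wave)
    if ordered != len(services):  # something never reached indegree 0
        raise ValueError("dependency cycle: checklist cannot be ordered")
    return waves

def finish_times(services: dict) -> dict:
    """Earliest hour each service is back, assuming unlimited parallel streams."""
    done = {}
    for wave in recovery_waves(services):
        for s in wave:
            _, hours, deps = services[s]
            done[s] = max((done[d] for d in deps), default=0) + hours
    return done

def tier_rto_report(services: dict, rto: dict) -> dict:
    """Per tier: (hours until its slowest service is back, whether that meets RTO)."""
    done = finish_times(services)
    report = {}
    for tier, limit in rto.items():
        worst = max(done[s] for s, (t, _, _) in services.items() if t == tier)
        report[tier] = (worst, worst <= limit)
    return report
```

The stress-test figure from the backups slide (how many parallel streams the environment really sustains) would cap the wave width here; the constructed map assumes unlimited parallelism, which the deck warns against.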
Backups/Data Protection
Preparation Considerations
• Understand actual RPO needs
• Verify all data is backed up. No exceptions; include dev/test
• Replication for short RPO (< 12 hours)
• Architect for full recovery, not just DR exercise or operational needs
• Immutable backups/replication for production: cannot be overwritten or accessed; off-network is best
• End device images must be part of immutable backups
• Appliance/network device configurations
• Authentication (AD/DNS) – don’t rely on cloud that is always connected to your network
Capability Verification Considerations
• Regular (monthly/quarterly) tests of recovery capability for all tiers
  • Don’t rely on just operational restore requests
  • Include backup restores as part of DR exercises
  • Include replicated environments as well
• Perform stress test to see how many parallel streams/recoveries can be done
• Document time to recover each tier to identify if it will meet RTO
Testing the Recovery
More than a DR or Mock Exercise
Business
• Incident Command: stand up and down
• Integrated BC plan/action simulated
• Include full business process and use the manual processes
• Include when portions of the technology are available
Technology
• Simulate rebuild scenario: include end devices, cloud access, 3rd parties
• Stress tests – “all” environment tests
• Integration of technology recovery with manual processes
Use all exercise types: Mock, Tabletop, Simulated, Recovery
Additional Resources
Multiple Resources
• https://www.ready.gov/cybersecurity
• https://www.cisa.gov/cyber-essentials
• https://www.dhs.gov/be-cyber-smart
• https://www.fbi.gov/investigate/cyber
• Your Technology providers
• Your Cyber Insurance Carriers
REMEMBER: If you think you are smarter than the threat actors, that is like clicking on a phishing link.
Final Thoughts
Things to think about.
• Executable security response plan
• Detailed shutdown and recovery plans
• Verify capability via testing
• Train people
• Implement appropriate technology solutions
• Don’t forget 3rd party risk and include it in preparations
• Governance and continued oversight
• Functional and defined manual workarounds
• Data protection review and assessment