igpc data breach planning braindump
TRANSCRIPT
YOUR SPEAKER • JAMES MCKINLAY IS CURRENTLY THE HEAD OF INFORMATION SECURITY AT ATOS WORLDLINE.
• HE SITS ON THE GLOBAL DATA PROTECTION OFFICERS COMMITTEE AND THE GLOBAL SECURITY
STEERING COMMITTEE, CONTRIBUTING TO THE GLOBAL SECURITY KPI PROGRAM AS WELL AS DATA
PROTECTION TRAINING, AWARENESS AND COMMUNICATIONS.
• HE IS RESPONSIBLE FOR THE DEVELOPMENT OF INFORMATION SECURITY STRATEGY ACROSS ALL UK
PRODUCTS, PLATFORMS AND SERVICES WHILST SUPPORTING THE GLOBAL 27001 INITIATIVE.
• JAMES WAS PREVIOUSLY RESPONSIBLE FOR CISO-LEVEL INCIDENT RESPONSE CONSULTANCY, WHERE
HE ADVISED ON SOC, CIRT AND SIEM PROJECTS, AND FOR MANAGING THE INFORMATION SECURITY
MONITORING TEAMS AT A NUMBER OF HOUSEHOLD NAMES SUCH AS ASDA, MANCHESTER AIRPORTS
GROUP AND NETFLIGHTS.COM
AGENDA
HOW DATA BREACH PLANNING CAN BUILD IMPORTANT BRIDGES ACROSS
YOUR ORGANISATION
• BACKGROUND
• INFORMATION SYSTEMS VIEW
• BUSINESS VIEW
DEFINITIONS
CSIRT Computer Security Incident Response Team
SOC Security Operations Centre
PCI DSS Payment Card Industry Data Security Standard
DFIR Digital Forensics and Incident Response
LEA Law Enforcement Agency
SIEM Security Information and Event Management
SANS SysAdmin, Audit, Network, Security (Institute)
NSM Network Security Monitoring
Others: JDI, JIT, SEP, NMP, TARFUN
DATA BREACHES IN THE NEWS
• NOVEMBER 14TH – WESTLAW
• NOVEMBER 14TH – TURKISH POWER ADMINISTRATION
• NOVEMBER 13TH – PARASOLE RESTAURANT HOLDINGS
• NOVEMBER 13TH – THOMAS COOK BELGIUM
• NOVEMBER 13TH – FINALEASE CAR CREDIT
• NOVEMBER 13TH - MENSURA
• NOVEMBER 13TH – HSBC TURKEY
• NOVEMBER 12TH – ONSIGHT HEALTH DIAGNOSTICS
• NOVEMBER 12TH – EASTERN IOWA AIRPORT
• NOVEMBER 10TH – GRAND CASINO MILLE LACS
DATA BREACH NEWS SOURCES
INCIDENT RESPONSE STANDARDS
PCI DSS REQUIREMENT 12.10 (IMPLEMENT AN INCIDENT RESPONSE PLAN; BE PREPARED TO RESPOND IMMEDIATELY TO A SYSTEM BREACH)
CARD BRAND SUPPORT
TOP 20 CRITICAL CONTROLS
CSC 18: Incident Response and Management
Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.
http://www.counciloncybersecurity.org/critical-controls/
CYBER WORKFORCE
http://www.counciloncybersecurity.org/workforce/cybersecurity-roles/
http://energy.gov/cio/downloads/essential-body-knowledge-ebk
SOC EVOLUTION
• http://h20195.www2.hp.com/V2/GetPDF.aspx/4AA4-6539ENW.pdf
ENTERPRISE SECURITY MONITORING
• CREDIT: DAVID BIANCO, BSIDESDC PRESENTATION, 2013
INCIDENT RESPONSE
DFIR BLOGS
• http://blog.handlerdiaries.com/
• https://www.alienvault.com/blogs/
OTA DATA BREACH READINESS GUIDE
• https://otalliance.org/resources/2014-data-protection-breach-readiness-guide-overview
PEOPLE YOU NEED TO MAKE FRIENDS WITH
• DPO (AS REGISTERED WITH THE ICO, OR AS CHOSEN WITHIN THE ORGANISATION)
• CONTRACTS MANAGER (LEGAL) – SECURITY IN SUPPLY CHAIN REVIEW
• PRIVACY EXPERT (LEGAL) – COMPOSING LETTERS AND PRESS RELEASES, MEETING REGULATORY TIMELINES
• HEAD OF RISK – GET DATA LOSS ON THE CORPORATE RISK REGISTER
• HEAD OF INTERNAL AUDIT – GET DATA PROTECTION AUDITS ON THEIR AGENDA
• SERVICE DESK MANAGER – AN ITIL INCIDENT IS NOT ALWAYS A CSIRT INCIDENT
• BCM – PANDEMIC PLAN, BIA, BC PLAN AND MAJOR INCIDENT PLAN AS A MODEL FOR THE DATA BREACH PLAN
• INTERNAL COMMS TEAM – PREVENT RUMOURS, GET A QUICK AND ACCURATE MESSAGE OUT INTERNALLY
• EXTERNAL COMMS TEAM – LAW ENFORCEMENT AS WELL AS MEDIA AND CUSTOMERS
• LEARNING AND DEVELOPMENT – MANDATORY TRAINING
• INSURANCE BROKER
AT HOME
FIND ME
• ON LINKEDIN
• uk.linkedin.com/in/jmck4cybersecurity/